
adware-driven browser redirection to various PC fix sites


  • This topic is locked
27 replies to this topic

#1 jwm4


Posted 19 June 2017 - 05:02 PM

Sites to which I am redirected include:
  • zrryzi.com
  • land.pckeep.software
  • reimageplus.com
  • pcassistance.co
  • thunbreakablebrain.net
  • promos.mcafee.com
  • support.desk.me
  • mini-sites.net
  • capacitorexterminator.com
  • grandaxis.com
This occurs on 2 PCs with the same Google Chrome browser account. I've tried deleting all Chrome data, resetting Chrome on both PCs, unlinking Chrome from the synced user account, running AdwCleaner, Malwarebytes, junkware removal, SUPERAntiSpyware and sometimes get temporary relief, but it ALWAYS comes back.
 
I clearly need your expert assistance to look deeper and more thoroughly. Look forward to hearing from you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-06-2017 01
Ran by jwm4 (administrator) on DELL9530 (19-06-2017 16:02:43)
Running from C:\Users\jwm4.LOCAL\Desktop
Loaded Profiles: jwm4 (Available Profiles: Jim & jwm4)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\MP2Control.exe
(Stardock) C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiPLV64.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\Multipl2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\MP2Drag.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Pushbullet Inc) C:\Users\jwm4.LOCAL\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-23] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369248 2015-07-21] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [atom] => C:\ProgramData\SquirrelMachineInstalls\atom.exe --checkInstall
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-16] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AWinLogon_x64.dll [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [Notezilla] => [X]
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc)
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7956384 2017-06-01] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
Startup: C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-04-03]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2017-04-06]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-04-03]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2017-04-06]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.10
Tcpip\..\Interfaces\{21e76e63-a116-425a-8a1b-61ef760e3938}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{a958142f-c6fc-471f-b552-3db3050ad871}: [DhcpNameServer] 192.168.1.10

Internet Explorer:
==================
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\Software\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-05-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-27] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-01-05] (LastPass)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: jlwkg9ad.default
FF ProfilePath: C:\Users\jwm4.LOCAL\AppData\Roaming\Mozilla\Firefox\Profiles\jlwkg9ad.default [2017-06-19]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-12]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-01] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default [2017-06-19]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-01]
CHR Extension: (Allow Copy - Click to activate on this tab) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\abidndjnodakeaicodfpgcnlkpppapah [2017-06-13]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-06-01]
CHR Extension: (Text URL Linker) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegfbpchoheaflicfmggkmlmcccpjpgd [2017-06-01]
CHR Extension: (ChromeAccess) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeoigbhkilbllfomkmmilbfochhlgdmh [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (WUTemp extension) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\baahcllkjamainfhhdimbnipdlaeappd [2017-06-01]
CHR Extension: (Open with Microsoft Office Online Viewer) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcknfcclbcpdeopdopomkdbjmldgdeld [2017-06-01]
CHR Extension: (Adguard AdBlocker) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-06-01]
CHR Extension: (ColorZilla) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2017-06-01]
CHR Extension: (MEGA) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-06-19]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (History 2) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp [2017-06-01]
CHR Extension: (Pushbullet) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2017-06-01]
CHR Extension: (Clear Cache) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-06-01]
CHR Extension: (Copy All Urls) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2017-06-01]
CHR Extension: (Last Tab Standing) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopnnfglheodcopccdllffcijjeenkj [2017-06-01]
CHR Extension: (Add to Wunderlist) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc [2017-06-01]
CHR Extension: (Session Buddy) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-06-13]
CHR Extension: (Adobe Acrobat) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-01]
CHR Extension: (Tabs Outliner) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2017-06-01]
CHR Extension: (Copytables) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdpkppgmlalfkphpibadldikjimijon [2017-06-01]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-06-01]
CHR Extension: (Photo Zoom for Twitter) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc [2017-06-01]
CHR Extension: (Recent History) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmkfdfomhhlonpbnpiibloacemdhjjm [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-01]
CHR Extension: (Search in background tab) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikfhablannhlgejpiklhbkonjkakodf [2017-06-01]
CHR Extension: (Feedly Subscribe Button) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbbnddjfcllebfcnihfgmdplgaiejepc [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-13]
CHR Extension: (Vanilla Cookie Manager) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj [2017-06-01]
CHR Extension: (Wappalyzer) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2017-06-13]
CHR Extension: (Open SEO Stats(Formerly: PageRank Status)) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2017-06-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-06-13]
CHR Extension: (Super Simple Highlighter) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlhjgianpocpoppaiihmlpgcoehlhio [2017-06-01]
CHR Extension: (Video Bookmarks) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpgpmmooejhfhojndincjeonokodggj [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibkclpciafdglkjkcibmohobjkcfkaef [2017-06-01]
CHR Extension: (Table Capture) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebpjdmgckacbodjpijphcplhebcmeop [2017-06-01]
CHR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2017-06-01]
CHR Extension: (Quick Tabs) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnjfeinjfmenlddahdjdmgpbokiacbbb [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgplcfihfeioiaddclapccnefggiddn [2017-06-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-06-01]
CHR Extension: (Zoom) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2017-06-13]
CHR Extension: (mobile browser emulator) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbofcampnkjmiomohpbaihdcbjhbfepf [2017-06-01]
CHR Extension: (Image Backtrace!) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\llegpclcdlmjgegelelbbddjcpbhdfbm [2017-06-01]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2017-06-01]
CHR Extension: (Flashcontrol) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2017-06-01]
CHR Extension: (Copy as plain text - amaz.in/g) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkkcgjeddgdnikkeoinjgbocghokolck [2017-06-01]
CHR Extension: (Cellect) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcoeiihmfepcagkdeoodgnegkddcpop [2017-06-01]
CHR Extension: (feedly) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2017-06-01]
CHR Extension: (Save to Pocket) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-06-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2017-06-13]
CHR Extension: (ColorPick Eyedropper) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2017-06-01]
CHR Extension: (Black and White) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\onpphpnfgidbadcijndjfiecbbjdecop [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-14]
CHR Extension: (RightToCopy) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmcimdddlobkphnofejmeidjblideca [2017-06-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2015-07-21] (Microsoft Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-09] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-06-16] (Dropbox, Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-13] (Dell Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4366288 2016-08-31] (SecureMix LLC)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-06-24] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-03] (Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1385280 2013-12-10] (Microsoft Corp.)
R2 Multiplicity; C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiSrv.exe [209216 2015-07-16] (Stardock Software, Inc)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-23] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [220440 2017-04-12] (Stardock Software, Inc)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-25] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [2231296 2017-06-13] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [14414336 2017-06-13] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel(R) Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 UPWSvc; C:\ProgramData\UserProfileMigrationService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-08-29] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50664 2015-10-30] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [22016 2017-06-13] (Microsoft Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2015-08-29] ()
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [23552 2017-06-13] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3515664 2016-01-29] (Intel Corporation)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [70120 2015-08-06] (NetFilterSDK.com)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [25088 2017-06-13] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2017-06-13] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [51712 2017-06-13] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31232 2017-06-13] (Microsoft Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [777944 2016-03-21] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72288 2017-02-16] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [104448 2017-06-13] (Microsoft Corporation)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [31232 2017-06-13] (Microsoft Corporation)
R2 VMSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-06-13] (Microsoft Corporation)
R0 vmsproxy; C:\WINDOWS\System32\drivers\vmsproxy.sys [33696 2017-06-13] (Microsoft Corporation)
S3 VMSVSF; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-06-13] (Microsoft Corporation)
S3 VMSVSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-06-13] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-04] (Zemana Ltd.)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-07-08] (CyberLink Corp.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-19 16:02 - 2017-06-19 16:02 - 00046574 _____ C:\Users\jwm4.LOCAL\Desktop\FRST.txt
2017-06-19 15:57 - 2017-06-19 15:57 - 02439680 _____ (Farbar) C:\Users\jwm4.LOCAL\Desktop\FRST64.exe
2017-06-19 15:41 - 2017-06-19 15:41 - 00000000 ___HD C:\OneDriveTemp
2017-06-19 12:09 - 2017-06-19 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-17 01:26 - 2017-06-17 01:26 - 00000000 ____D C:\Program Files (x86)\Macrium
2017-06-16 13:33 - 2017-06-16 13:33 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-16 13:33 - 2017-06-16 13:33 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-16 13:33 - 2017-06-16 13:33 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-16 13:33 - 2017-06-16 13:33 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-15 23:22 - 2017-06-15 23:22 - 00000000 ____D C:\Program Files\HitmanPro
2017-06-15 22:09 - 2017-06-15 22:09 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\proDAD
2017-06-15 22:08 - 2017-06-15 22:08 - 00003300 _____ C:\WINDOWS\system32\adorage-protocol.txt
2017-06-14 01:08 - 2017-06-14 01:08 - 00002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-06-13 23:15 - 2017-06-13 23:15 - 00000000 ____D C:\Windows.old
2017-06-13 23:14 - 2017-06-13 23:14 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 05776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 04544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 03856896 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmchipset.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02231296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 02228120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02102272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-13 23:14 - 2017-06-13 23:14 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-13 23:14 - 2017-06-13 23:14 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01652736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01458592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00848288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00844696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-13 23:14 - 2017-06-13 23:14 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00751616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wnv.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00697760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-13 23:14 - 2017-06-13 23:14 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-13 23:14 - 2017-06-13 23:14 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-13 23:14 - 2017-06-13 23:14 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-13 23:14 - 2017-06-13 23:14 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-13 23:14 - 2017-06-13 23:14 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-13 23:14 - 2017-06-13 23:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-13 23:14 - 2017-06-13 23:14 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-13 23:14 - 2017-06-13 23:14 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-13 23:14 - 2017-06-13 23:14 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 23:12 - 2017-06-13 19:18 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-13 23:12 - 2017-03-18 02:48 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2017-06-13 23:12 - 2017-03-18 02:08 - 17777152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2017-06-13 23:12 - 2017-03-18 02:05 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2017-06-13 23:12 - 2017-03-18 02:02 - 00393216 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2017-06-13 23:12 - 2017-03-18 01:59 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2017-06-13 23:12 - 2017-03-18 01:59 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2017-06-13 23:12 - 2017-03-18 01:57 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2017-06-13 23:12 - 2017-03-18 01:53 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2017-06-13 23:12 - 2017-03-18 01:52 - 04897280 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2017-06-13 23:12 - 2017-03-18 01:49 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2017-06-13 23:12 - 2017-03-18 01:49 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2017-06-13 23:12 - 2017-03-18 01:48 - 13785600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2017-06-13 23:12 - 2017-03-18 01:47 - 06806016 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2017-06-13 23:12 - 2017-03-18 01:46 - 00370176 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2017-06-13 23:12 - 2017-03-18 01:44 - 01977344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2017-06-13 23:12 - 2017-03-18 01:44 - 01174528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2017-06-13 23:12 - 2017-03-18 01:44 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2017-06-13 23:12 - 2017-03-18 01:44 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2017-06-13 23:12 - 2017-03-18 01:43 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2017-06-13 23:12 - 2017-03-18 01:43 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2017-06-13 23:12 - 2017-03-18 01:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2017-06-13 23:12 - 2017-03-18 01:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2017-06-13 23:12 - 2017-03-18 01:41 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2017-06-13 23:12 - 2017-03-18 01:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2017-06-13 23:12 - 2017-03-18 01:38 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2017-06-13 23:12 - 2017-03-18 01:35 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2017-06-13 23:12 - 2017-03-18 01:35 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2017-06-13 23:12 - 2017-03-18 01:33 - 05141504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2017-06-13 23:12 - 2017-03-18 01:33 - 03648000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2017-06-13 23:12 - 2017-03-18 01:30 - 01480704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2017-06-13 23:12 - 2017-03-18 01:30 - 00926208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2017-06-13 23:12 - 2017-03-18 01:30 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2017-06-13 23:12 - 2017-03-18 01:30 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2017-06-13 23:12 - 2017-03-18 01:29 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2017-06-13 23:12 - 2017-03-18 01:29 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2017-06-13 23:12 - 2017-03-18 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2017-06-13 23:11 - 2017-06-13 23:11 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-13 23:09 - 2017-06-13 23:15 - 00000000 ____D C:\Program Files\Hyper-V
2017-06-13 23:09 - 2017-06-13 23:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-13 23:09 - 2017-06-13 23:09 - 00000000 ___SD C:\WINDOWS\system32\containers
2017-06-13 23:09 - 2017-06-13 23:09 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-06-13 23:09 - 2017-06-13 23:09 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-13 23:09 - 2017-06-13 23:09 - 00000000 ____D C:\Program Files\MSBuild
2017-06-13 23:09 - 2017-06-13 23:09 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-13 23:09 - 2017-06-13 19:22 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-13 23:09 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-13 23:09 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-13 23:09 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-13 23:09 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-13 23:09 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-13 23:09 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-13 21:57 - 2017-06-13 21:57 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-13 21:56 - 2017-06-13 21:56 - 00000020 ___SH C:\Users\jwm4.LOCAL\ntuser.ini
2017-06-13 19:34 - 2017-06-13 19:34 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-13 19:32 - 2017-06-13 19:33 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-06-13 19:32 - 2017-06-13 19:33 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-06-13 19:31 - 2017-06-19 15:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-13 19:31 - 2017-06-17 01:30 - 00003522 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{1D39F467-290C-44F6-AFBC-FF612CCC61AC}
2017-06-13 19:31 - 2017-06-13 19:31 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-06-13 19:31 - 2017-06-13 19:31 - 00003464 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{DADDA4FC-A4D6-4AEF-BCA6-A41C7190A477}
2017-06-13 19:31 - 2017-06-13 19:31 - 00003430 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-06-13 19:31 - 2017-06-13 19:31 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-13 19:31 - 2017-06-13 19:31 - 00003320 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d31ca9b6-e88e-4b38-b514-66dcdc2daa58
2017-06-13 19:31 - 2017-06-13 19:31 - 00003312 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 60c1b5b1-2b20-4444-ad04-556611266d4c
2017-06-13 19:31 - 2017-06-13 19:31 - 00003284 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{984B9A72-2F7B-46C5-B5CE-93F9E0C1B0AA}
2017-06-13 19:31 - 2017-06-13 19:31 - 00003278 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-06-13 19:31 - 2017-06-13 19:31 - 00003276 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-06-13 19:31 - 2017-06-13 19:31 - 00003256 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-471456211-1128354712-3898517561-1001
2017-06-13 19:31 - 2017-06-13 19:31 - 00003206 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-06-13 19:31 - 2017-06-13 19:31 - 00003160 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-471456211-1128354712-3898517561-1001
2017-06-13 19:31 - 2017-06-13 19:31 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-13 19:31 - 2017-06-13 19:31 - 00003106 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 1eca1489-d8dc-47cb-9b69-1f7079ae57be
2017-06-13 19:31 - 2017-06-13 19:31 - 00003102 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task dccc58fd-18f3-45e3-a58a-43ab56de83b2
2017-06-13 19:31 - 2017-06-13 19:31 - 00003096 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2017-06-13 19:31 - 2017-06-13 19:31 - 00003084 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task f556320e-6c0a-446d-a322-2dfa48b8ead3
2017-06-13 19:31 - 2017-06-13 19:31 - 00003084 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 3b88d034-aced-4806-85fe-c9b66d7437cb
2017-06-13 19:31 - 2017-06-13 19:31 - 00002996 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-06-13 19:31 - 2017-06-13 19:31 - 00002982 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2017-06-13 19:31 - 2017-06-13 19:31 - 00002820 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2017-06-13 19:31 - 2017-06-13 19:31 - 00002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-13 19:31 - 2017-06-13 19:31 - 00002746 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-NGT-jwm4
2017-06-13 19:31 - 2017-06-13 19:31 - 00002588 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-06-13 19:31 - 2017-06-13 19:31 - 00002242 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2017-06-13 19:28 - 2017-06-13 19:28 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-13 19:28 - 2017-06-13 19:28 - 00000000 ____D C:\ProgramData\USOShared
2017-06-13 19:21 - 2017-06-13 19:29 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-13 19:20 - 2017-06-19 15:47 - 01008296 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-13 19:20 - 2017-06-19 15:41 - 00000000 ____D C:\Users\jwm4.LOCAL
2017-06-13 19:20 - 2017-06-13 19:30 - 00000000 ____D C:\Users\Jim
2017-06-13 19:20 - 2017-06-13 19:20 - 00941228 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-06-13 19:20 - 2017-06-13 19:20 - 00000000 _SHDL C:\Users\jwm4.LOCAL\My Documents
2017-06-13 19:20 - 2017-06-13 19:20 - 00000000 _SHDL C:\Users\Jim\My Documents
2017-06-13 19:20 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-13 19:19 - 2017-06-19 15:41 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-13 19:19 - 2017-06-13 19:22 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-13 19:19 - 2017-06-13 19:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-13 19:19 - 2017-06-13 19:22 - 00000000 ____D C:\Program Files (x86)\Intel
2017-06-13 19:19 - 2017-06-13 19:19 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-06-13 19:19 - 2017-06-13 19:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-06-13 19:19 - 2017-06-13 19:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-06-13 19:19 - 2017-06-13 19:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-06-13 19:19 - 2017-06-13 19:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-06-13 19:19 - 2017-06-13 19:19 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-06-13 19:19 - 2017-06-13 19:19 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-13 19:19 - 2017-06-13 19:19 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-06-13 19:19 - 2016-08-01 08:54 - 06386744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-06-13 19:19 - 2016-08-01 08:54 - 02466360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-06-13 19:19 - 2016-08-01 08:54 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-06-13 19:19 - 2016-08-01 08:54 - 01365048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2017-06-13 19:19 - 2016-08-01 08:54 - 00547896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-06-13 19:19 - 2016-08-01 08:54 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-06-13 19:19 - 2016-08-01 08:54 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-06-13 19:19 - 2016-08-01 08:54 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-06-13 19:19 - 2016-07-28 09:02 - 07242545 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-06-13 19:19 - 2016-06-24 00:03 - 00099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-06-13 19:18 - 2017-06-19 15:39 - 00415520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-13 19:18 - 2017-06-19 14:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-13 19:18 - 2017-06-13 19:22 - 00000000 ____D C:\Program Files\Intel
2017-06-13 19:18 - 2017-06-13 19:18 - 00340711 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2017-06-13 19:18 - 2017-06-13 19:18 - 00077870 _____ C:\WINDOWS\system32\Drivers\RTWAVES30.dat
2017-06-13 19:18 - 2017-06-13 19:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-06-13 19:18 - 2017-06-13 19:18 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-06-13 19:18 - 2017-06-13 19:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-06-13 19:18 - 2017-06-13 19:18 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-06-13 19:18 - 2017-06-13 19:18 - 00000000 ____D C:\Program Files\Synaptics
2017-06-13 19:18 - 2017-06-13 19:18 - 00000000 ____D C:\Program Files\Realtek
2017-06-13 17:59 - 2017-06-13 17:59 - 00000000 ____D C:\Users\jwm4.LOCAL\.atom
2017-06-11 03:55 - 2017-06-13 21:56 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-09 01:51 - 2017-06-09 01:51 - 00001262 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-06-05 22:43 - 2017-06-13 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2017-06-02 09:34 - 2017-06-13 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2017-06-02 09:34 - 2017-06-02 09:34 - 00000000 ____D C:\Program Files (x86)\Evernote
2017-06-01 18:44 - 2017-06-15 16:01 - 00002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-30 22:03 - 2017-05-30 22:03 - 00000460 _____ C:\Users\jwm4.LOCAL\AppData\Local\OfficeMix_16_0.txt
2017-05-29 11:31 - 2017-06-13 19:29 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-29 11:31 - 2017-05-29 11:32 - 00000000 ____D C:\Program Files\UNP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-19 16:02 - 2016-09-05 04:00 - 00090937 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-19 16:02 - 2016-05-05 00:12 - 00000000 ____D C:\FRST
2017-06-19 15:57 - 2015-08-29 18:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-19 15:41 - 2017-04-04 15:39 - 00000000 ___RD C:\Users\jwm4.LOCAL\Creative Cloud Files
2017-06-19 15:41 - 2017-04-03 15:33 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\Pushbullet
2017-06-19 15:41 - 2017-04-03 12:09 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\Adobe
2017-06-19 15:41 - 2015-08-29 17:34 - 00000000 __SHD C:\Users\jwm4\IntelGraphicsProfiles
2017-06-19 15:40 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-19 15:40 - 2015-08-29 17:34 - 00019324 __RSH C:\ProgramData\ntuser.pol
2017-06-19 15:40 - 2015-08-29 17:33 - 00000144 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-06-19 15:39 - 2017-03-18 07:40 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2017-06-19 15:39 - 2016-05-10 17:20 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-19 15:39 - 2016-02-21 18:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-19 15:39 - 2016-02-21 18:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-19 15:39 - 2016-02-06 02:54 - 00000500 _____ C:\WINDOWS\Tasks\Macrium-Backup-{1D39F467-290C-44F6-AFBC-FF612CCC61AC}.job
2017-06-19 13:11 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-19 13:11 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-19 12:10 - 2017-04-09 18:29 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-17 01:26 - 2016-02-06 02:11 - 00035530 _____ C:\WINDOWS\Macrium Reflect Patch Log.txt
2017-06-16 19:50 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 22:15 - 2016-05-10 17:20 - 01231180 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-15 22:11 - 2015-12-10 13:46 - 00000000 ____D C:\Program Files (x86)\Digify
2017-06-15 22:08 - 2015-09-02 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security
2017-06-15 22:00 - 2016-05-11 17:09 - 00000000 ____D C:\AdwCleaner
2017-06-14 21:17 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 21:16 - 2016-09-14 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 21:13 - 2016-07-12 16:45 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-06-14 21:13 - 2015-08-29 16:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 21:09 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-14 21:09 - 2015-08-29 16:49 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 04:49 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-13 23:17 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-13 23:15 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-13 23:15 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-13 23:15 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-13 23:15 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-13 23:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-13 23:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-13 23:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-13 23:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-13 23:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-13 23:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-13 23:15 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-13 23:15 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-13 23:15 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-13 23:09 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\schemas
2017-06-13 23:09 - 2017-03-18 16:59 - 14414336 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2017-06-13 23:09 - 2017-03-18 16:59 - 04525568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvgm.exe
2017-06-13 23:09 - 2017-03-18 16:59 - 02008248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2017-06-13 23:09 - 2017-03-18 16:59 - 01570212 _____ C:\WINDOWS\system32\WindowsVirtualization.V2.mof
2017-06-13 23:09 - 2017-03-18 16:59 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 01261568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmemulateddevices.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 01149404 _____ C:\WINDOWS\system32\WindowsHyperVCluster.V2.mof
2017-06-13 23:09 - 2017-03-18 16:59 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2017-06-13 23:09 - 2017-03-18 16:59 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsconfig.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedStorage.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00376320 _____ C:\WINDOWS\system32\VmDataStore.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvdev.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00341512 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedNic.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynth3dvideo.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthfcvdev.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcsdiag.exe
2017-06-13 23:09 - 2017-03-18 16:59 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpcievdev.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2017-06-13 23:09 - 2017-03-18 16:59 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\HgsClientWmi.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmtpm.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdebug.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00135424 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsp.exe
2017-06-13 23:09 - 2017-03-18 16:59 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCG.exe
2017-06-13 23:09 - 2017-03-18 16:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCGLaunchPad.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00074656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtpm.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmmsprox.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wnvapi.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2017-06-13 23:09 - 2017-03-18 16:59 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\HyperVSysprepProvider.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vid.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00036696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbresources.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationVdev.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmsproxy.sys
2017-06-13 23:09 - 2017-03-18 16:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2017-06-13 23:09 - 2017-03-18 16:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ramparser.sys
2017-06-13 23:09 - 2017-03-18 16:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvgmProxy.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvGpuInfo.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2017-06-13 23:09 - 2017-03-18 16:59 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lunparser.sys
2017-06-13 23:09 - 2017-03-18 16:59 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcomputeeventlog.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocketcontrol.sys
2017-06-13 23:09 - 2017-03-18 16:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RdvgmProxy.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\synth3dvideoproxy.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostGuardianServiceClientResources.dll
2017-06-13 23:09 - 2017-03-18 16:59 - 00012192 _____ (Microsoft Corporation) C:\WINDOWS\system32\e517e4cd-0fde-406b-b1cf-56cd97edd483_hyperv.dll
2017-06-13 23:09 - 2017-03-18 16:56 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2017-06-13 23:09 - 2017-03-18 16:56 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys
2017-06-13 23:09 - 2017-03-18 16:56 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsp.sys
2017-06-13 23:09 - 2017-03-18 16:56 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcip.sys
2017-06-13 23:09 - 2017-03-18 16:56 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspiper.dll
2017-06-13 22:12 - 2017-04-03 12:09 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\Packages
2017-06-13 21:58 - 2017-04-03 12:10 - 00002418 _____ C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-13 21:58 - 2017-04-03 12:10 - 00000000 ___RD C:\Users\jwm4.LOCAL\OneDrive
2017-06-13 21:57 - 2017-04-03 12:09 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\ConnectedDevicesPlatform
2017-06-13 21:56 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-13 21:56 - 2016-02-20 19:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-06-13 21:56 - 2016-02-20 19:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-06-13 21:56 - 2015-08-29 16:57 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-13 19:33 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-13 19:33 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-13 19:32 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-13 19:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-13 19:31 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-13 19:31 - 2015-11-13 17:14 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-13 19:30 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-13 19:29 - 2017-05-04 18:01 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-13 19:29 - 2017-05-04 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-13 19:29 - 2017-05-04 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-13 19:29 - 2017-04-27 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-13 19:29 - 2017-04-17 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-06-13 19:29 - 2017-04-13 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Power BI Desktop
2017-06-13 19:29 - 2017-04-04 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-06-13 19:29 - 2017-04-03 14:22 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2017-06-13 19:29 - 2016-02-20 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio
2017-06-13 19:29 - 2016-02-20 19:15 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2017-06-13 19:29 - 2016-02-20 19:12 - 00000000 ____D C:\WINDOWS\system32\1033
2017-06-13 19:29 - 2015-11-17 20:51 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-06-13 19:29 - 2015-10-24 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-06-13 19:29 - 2015-09-02 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communications
2017-06-13 19:29 - 2015-09-02 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud Services
2017-06-13 19:29 - 2015-09-02 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notes
2017-06-13 19:29 - 2015-09-02 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016
2017-06-13 19:22 - 2017-05-17 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2017-06-13 19:22 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-13 19:22 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-13 19:22 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-06-13 19:22 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-13 19:22 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-13 19:22 - 2016-09-05 13:11 - 00000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2017-06-13 19:22 - 2016-09-05 13:11 - 00000000 ___RD C:\WINDOWS\WebManagement
2017-06-13 19:22 - 2016-04-11 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Code Editors
2017-06-13 19:22 - 2016-02-29 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Networking
2017-06-13 19:22 - 2016-02-20 19:33 - 00000000 ____D C:\Program Files\IIS
2017-06-13 19:22 - 2016-02-06 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dev
2017-06-13 19:22 - 2016-01-17 05:58 - 00000000 ____D C:\WINDOWS\SysWOW64\ipam
2017-06-13 19:22 - 2016-01-17 05:58 - 00000000 ____D C:\WINDOWS\system32\ServerManagerInternal
2017-06-13 19:22 - 2016-01-17 05:58 - 00000000 ____D C:\WINDOWS\system32\ipam
2017-06-13 19:22 - 2016-01-17 05:58 - 00000000 ____D C:\WINDOWS\Cluster
2017-06-13 19:22 - 2016-01-17 05:58 - 00000000 ____D C:\Program Files\Update Services
2017-06-13 19:22 - 2015-11-13 14:19 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-06-13 19:22 - 2015-10-24 15:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media
2017-06-13 19:22 - 2015-09-02 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google
2017-06-13 19:22 - 2015-09-02 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2017-06-13 19:22 - 2015-09-02 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardware
2017-06-13 19:22 - 2015-08-29 20:11 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-06-13 19:21 - 2015-07-10 07:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-13 19:20 - 2017-04-03 12:10 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-06-13 19:20 - 2015-08-29 16:57 - 00000000 ____D C:\Users\Jim\AppData\Local\Packages
2017-06-13 19:19 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Help
2017-06-13 19:19 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-13 19:19 - 2015-11-12 22:15 - 00000000 ____D C:\temp
2017-06-13 19:01 - 2017-03-18 23:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-06-13 19:00 - 2017-04-06 18:10 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\EvernoteNW
2017-06-13 17:59 - 2017-04-03 12:10 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Atom
2017-06-12 13:01 - 2015-08-29 17:40 - 00000000 ___RD C:\Dropbox
2017-06-11 03:54 - 2017-04-04 13:14 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\CrashDumps
2017-06-09 01:51 - 2017-04-03 12:09 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Adobe
2017-06-09 01:51 - 2015-10-24 14:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-06 17:37 - 2015-08-31 18:49 - 00000000 ____D C:\ProgramData\TEMP
2017-06-05 22:43 - 2015-11-05 16:42 - 00000000 ____D C:\Program Files\Macrium
2017-06-05 22:43 - 2015-11-05 16:29 - 00000000 ____D C:\ProgramData\Macrium
2017-06-03 02:32 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 02:32 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 18:44 - 2017-05-04 14:11 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\Google
2017-06-01 18:43 - 2015-08-29 18:08 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-01 18:38 - 2017-05-04 02:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-05-31 13:58 - 2015-08-29 16:51 - 00565416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-30 12:53 - 2016-05-11 15:59 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-22 18:32 - 2017-04-07 00:24 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\LocalLow\Adobe
2017-05-20 18:57 - 2015-08-30 02:02 - 00000000 ____D C:\Program Files\Dell

==================== Files in the root of some directories =======

2015-08-31 18:24 - 2016-01-05 17:51 - 21376536 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-04-27 21:11 - 2017-04-27 21:11 - 0000600 _____ () C:\Users\jwm4.LOCAL\AppData\Roaming\winscp.rnd
2017-05-30 22:03 - 2017-05-30 22:03 - 0000460 _____ () C:\Users\jwm4.LOCAL\AppData\Local\OfficeMix_16_0.txt
2016-08-29 12:50 - 2016-08-29 12:50 - 0240130 _____ () C:\ProgramData\1472489347.bdinstall.bin
2016-08-29 12:50 - 2016-08-29 12:50 - 0028333 _____ () C:\ProgramData\1472489453.bdinstall.bin
2017-06-13 19:18 - 2017-06-13 19:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-30 00:53 - 2015-08-30 00:53 - 0000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-08-30 00:53 - 2015-08-30 00:53 - 0000089 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2017-04-03 15:20 - 2017-04-03 15:20 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-06-17 01:26 - 2017-06-17 01:26 - 3371952 _____ () C:\Users\jwm4.LOCAL\AppData\Local\Temp\reflectPatch.exe
2017-06-15 22:08 - 2015-08-04 20:32 - 1173528 _____ (proDAD GmbH) C:\Users\jwm4.LOCAL\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-13 19:18

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2017 01
Ran by jwm4 (19-06-2017 16:03:18)
Running from C:\Users\jwm4.LOCAL\Desktop
Windows 10 Pro Version 1703 (X64) (2017-06-13 23:34:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1520473142-215655016-7558556-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1520473142-215655016-7558556-503 - Limited - Disabled)
Guest (S-1-5-21-1520473142-215655016-7558556-501 - Limited - Disabled)
Jim (S-1-5-21-1520473142-215655016-7558556-1001 - Administrator - Enabled) => C:\Users\Jim
jim_4c4hzpa (S-1-5-21-1520473142-215655016-7558556-1003 - Administrator - Enabled)
jim_6552095 (S-1-5-21-1520473142-215655016-7558556-1005 - Administrator - Enabled)
jwm4 (S-1-5-21-1520473142-215655016-7558556-1002 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Active Directory Rights Management Services Client 2.1 (HKLM\...\{72035B28-4FE8-4312-8920-12B6E838BFE4}) (Version: 1.0.1908.0 - Microsoft Corporation)
Administrative Templates (ADMX) for Windows 10 Version 1511 (HKLM-x32\...\{39E58F1A-1DE1-4B60-8ECF-B54E2580D59C}) (Version: 1.0 - Microsoft Corporation)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.1.1.202 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_2) (Version: 17.0.2 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.9 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1) (Version: 18.1.0 - Adobe Systems Incorporated)
AirDroid 3.1.3.0 (HKLM-x32\...\AirDroid) (Version: 3.1.3.0 - Sand Studio)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{97FCE17A-EE75-465B-A844-3D458CF8B801}) (Version: 4.2.60128.3 - Microsoft Corporation)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 7.3 - Bastien Mensink - A Must in Every Office BV)
Atom (HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\atom) (Version: 1.5.3 - GitHub Inc.)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.475.0 - Microsoft Corporation)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Categorize Plus (HKLM-x32\...\{73EB70C2-83A5-4583-AD16-3759BA129D3D}) (Version: 2.1.227 - VeranoSoft)
Citrix Online Launcher (HKLM-x32\...\{1B1BF50E-ACE8-4481-B362-89544FB1CD4B}) (Version: 1.0.357 - Citrix)
CyberLink Media Suite 13 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 13.0 - CyberLink Corp.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A10101BE-714B-42EE-B88B-5D3725B61425}) (Version: 1.4.2.2 - Dell)
Dell System Detect (HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\d24084d039586cae) (Version: 8.4.0.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{EEA45885-F3E3-4E7D-8435-E9C21D36C141}) (Version: 3.0.0.2840 - Dell Inc.)
Dell Update (HKLM-x32\...\{FE901F1A-B3D5-4BCE-AAFB-694DC51DC522}) (Version: 1.9.5.0 - Dell Inc.)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 29.3.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
EasyTether (HKLM-x32\...\{c751b7eb-df27-4668-b05f-7457d2fa9e00}) (Version: 1.1.18 - Mobile Stream)
EasyTether (Version: 1.1.18 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{F45DA6A7-AD7C-489A-B9E2-CCFC70A46A2A}) (Version: 1.0.1 - Mobile Stream)
EdgeRunner Multiplicity (HKLM-x32\...\Multiplicity) (Version: 3.41 - EdgeRunner, LLC.)
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Evernote v. 6.6.2 (HKLM-x32\...\{5ABC9D88-4576-11E7-8646-005056951CAD}) (Version: 6.6.2.5173 - Evernote Corp.)
FileZilla Client 3.15.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.15.0.1 - Tim Kosse)
GigJam Preview (HKLM-x32\...\GigJam_is1) (Version: 1.5.1 - Microsoft Corporation)
Git version 2.8.1 (HKLM\...\Git_is1) (Version: 2.8.1 - The Git Development Community)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.74 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.32 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kutools for Excel 13.00 (HKLM-x32\...\{A095BA43-4A97-4D55-8E25-A0BC46F10765}_is1) (Version: 13.00 - Addin Technology Inc.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.3 - Hermann Schinagl)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.3.1813 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
ManicTime (HKLM-x32\...\{B921229E-1F81-452F-B76F-A397077F9E3B}) (Version: 3.4.6.0 - Finkit d.o.o.)
Maxx Audio Installer (x64) (Version: 2.6.6570.1 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{D8AB93B0-6FBF-44A0-971F-C0669B5AE6DD}) (Version: 7.250.4556.0 - Microsoft Corporation)
Microsoft Power BI Desktop (x64) (HKLM\...\{52F67320-8296-4F65-8F75-30338264E153}) (Version: 2.45.4704.442 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM-x32\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 0.10.8 - Microsoft Corporation)
Microsoft Visual Studio Professional 2015 with Update 1 (HKLM-x32\...\{55470484-669e-404c-ad80-550d839126e3}) (Version: 14.0.24720.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NetWorx 5.4.1 (HKLM\...\NetWorx_is1) (Version: - Softperfect)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
Notezilla 8.0 (HKLM-x32\...\Notezilla_is1) (Version: 8.0 - Conceptworld Corporation)
NVIDIA Graphics Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.22 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.6.0.0 - NXP Semiconductors)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Office Mix (HKLM-x32\...\{f8c0b802-bb75-41db-9742-9d4196b0c001}) (Version: 0.1.3885.0 - Microsoft Corporation)
Office Mix 32-bit (x32 Version: 0.1.3885.0 - Microsoft) Hidden
Office Tab (HKLM\...\{DE469D65-1DEB-4058-BF95-C642D733668D}_is1) (Version: 12.00 - Addin Technology Inc.)
PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21289 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Registry Workshop (HKLM\...\Registry Workshop) (Version: - )
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24730 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 6.2 - Screaming Frog Ltd)
Semaphor x64 (HKLM\...\{ABAE81A3-EFF4-45E4-9397-65643D4A61A8}) (Version: 1.1.7 - SpiderOak)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SMSC LAN7500 Device Driver (HKLM\...\{CD5CE47C-2C77-4A56-AB3A-27A92DB4EC1E}) (Version: 15.07.23.0 - SMSC)
SoftPerfect WiFi Guard version 1.0.7 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.7 - SoftPerfect)
Stardock Start10 (HKLM-x32\...\Stardock Start10) (Version: 1.55 - Stardock Software, Inc.)
Sublime Text Build 3103 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Veodin SlideProof (HKLM-x32\...\{F74CA1B6-CD7E-47CF-9327-34E3446619C3}) (Version: 3.4.4 - Veodin)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
WinSCP 5.8.1 beta (HKLM-x32\...\winscp3_is1) (Version: 5.8.1 beta - Martin Prikryl)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2050356926-2570848730-1589625832-1106_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-AB2FE1308188}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0802E939-6403-4EBC-9D56-5C273D08FF58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-01] (Google Inc.)
Task: {16470237-A978-4581-A455-779E7F813054} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-16] (Microsoft Corporation)
Task: {1D6F23AB-E78A-4552-9CB0-E89D42CF3171} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {29D33227-1584-40D8-A92B-32C623CBE1A3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-16] ()
Task: {3FEADDCA-67B4-4156-A94B-0CA19FDC1D8D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {4034C3A1-7805-42ED-A0A6-B1AC2086F39A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {4202A4D4-EA7C-45B9-91A9-12DD19E6F9E7} - System32\Tasks\SUPERAntiSpyware Scheduled Task 1eca1489-d8dc-47cb-9b69-1f7079ae57be => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {43C5DCC5-9F73-4143-8C2C-8D64C2D48234} - System32\Tasks\G2MUploadTask-S-1-5-21-471456211-1128354712-3898517561-1001 => C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\4431\g2mupload.exe
Task: {452F4C94-7919-4553-9ABE-C3A9E83D21B9} - System32\Tasks\Macrium-Backup-{1D39F467-290C-44F6-AFBC-FF612CCC61AC} => C:\Program Files\Macrium\Reflect\reflect.exe [2017-06-07] (Paramount Software UK Ltd)
Task: {4CFC271E-665C-4543-8D25-763610A72E78} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {4E29991D-8B60-4A5C-84A1-0D07FFBFB011} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-02-16] (Synaptics Incorporated)
Task: {4E2CE4D9-4057-47F6-A20F-6A8B18BD5EB7} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3b88d034-aced-4806-85fe-c9b66d7437cb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {586DE606-88ED-4414-B749-EE8F0C0E421B} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {5A9A2240-5484-40BB-9BD6-179446D709B1} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-04-25] (Dell Inc.)
Task: {632FF59D-C192-4D13-88A7-FB33D75DF45E} - System32\Tasks\SUPERAntiSpyware Scheduled Task dccc58fd-18f3-45e3-a58a-43ab56de83b2 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {654DEB05-28B4-406C-8411-058C697C1F21} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\Windows\system32\gpupdate.exe [2017-03-18] (Microsoft Corporation)
Task: {657B088E-8A9F-44B3-95FF-07B2E2563B13} - System32\Tasks\AdobeAAMUpdater-1.0-NGT-jwm4 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {6B788E65-D56A-49AE-AC8E-C66CC68954D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-16] (Microsoft Corporation)
Task: {6F8FF9BE-E5A3-4CA5-B2A6-69C248273EFB} - System32\Tasks\Macrium-Backup-{DADDA4FC-A4D6-4AEF-BCA6-A41C7190A477} => C:\Program Files\Macrium\Reflect\reflect.exe [2017-06-07] (Paramount Software UK Ltd)
Task: {709259DA-0707-443E-B73F-10385701F6D3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-09] (Dropbox, Inc.)
Task: {73A70732-888C-4A22-8125-99EC6260CDE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-01] (Google Inc.)
Task: {8FB9C9F7-C404-4737-81BB-A64ACC667DC7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {972B3C03-EDC6-44C8-835B-C318864FFEB7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-14] (Microsoft Corporation)
Task: {9FAA7A41-F852-45E8-BB68-3AFB9907F26A} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\Windows\system32\gpupdate.exe [2017-03-18] (Microsoft Corporation)
Task: {A3049909-CEA2-4C13-A2F6-11A2D1651AC1} - System32\Tasks\G2MUpdateTask-S-1-5-21-471456211-1128354712-3898517561-1001 => C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\4431\g2mupdate.exe
Task: {A4FE0ED5-371D-4592-8ACD-801D7CBC6EE6} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\jwm4\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {B6A22C53-56FD-4C22-B11E-0DBAF9F4250E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 60c1b5b1-2b20-4444-ad04-556611266d4c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {BF390C52-8230-4615-BBA7-1E074E486D1E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-16] ()
Task: {BFD927FC-7E61-4EA1-8F14-0BB7F8CA7711} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {CD42C841-C3BA-44AE-9B38-151D1789F98D} - System32\Tasks\SUPERAntiSpyware Scheduled Task f556320e-6c0a-446d-a322-2dfa48b8ead3 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {D3D34FA0-D4BD-459C-94EB-0C40125EFF10} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-09] (Dropbox, Inc.)
Task: {D592E302-770C-483A-B8FB-E9847B5B4314} - System32\Tasks\SUPERAntiSpyware Scheduled Task d31ca9b6-e88e-4b38-b514-66dcdc2daa58 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {E4D57013-C37A-4563-B288-304C63E087AD} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {ED46D9B6-3C66-4AB0-BF0F-D7FBD82BBA51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-471456211-1128354712-3898517561-1001.job => C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-471456211-1128354712-3898517561-1001.job => C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe
Task: C:\WINDOWS\Tasks\Macrium-Backup-{1D39F467-290C-44F6-AFBC-FF612CCC61AC}.job => C:\Program Files\Macrium\Reflect\reflect.exe l-e -w C:\Users\jwm4\Documents\Reflect\DELL9530 Backup.xml
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 1eca1489-d8dc-47cb-9b69-1f7079ae57be.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 3b88d034-aced-4806-85fe-c9b66d7437cb.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d31ca9b6-e88e-4b38-b514-66dcdc2daa58.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dccc58fd-18f3-45e3-a58a-43ab56de83b2.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f556320e-6c0a-446d-a322-2dfa48b8ead3.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2017-06-13 19:19 - 2016-08-01 08:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-06-24 00:03 - 2016-06-24 00:03 - 00384496 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 16:59 - 2017-03-18 22:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-08 03:02 - 2017-06-08 03:02 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-08 03:02 - 2017-06-08 03:02 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-08 03:02 - 2017-06-08 03:02 - 43318784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-08 03:02 - 2017-06-08 03:02 - 02427904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-15 02:38 - 2017-05-15 02:38 - 34957896 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-06-15 16:01 - 2017-06-14 19:49 - 03824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.32\libglesv2.dll
2017-06-15 16:01 - 2017-06-14 19:49 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.32\libegl.dll
2017-05-26 03:18 - 2017-05-26 03:18 - 00492112 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-04-11 18:43 - 2017-06-16 08:07 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-08-31 18:55 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2004-09-30 14:15 - 2004-09-30 14:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2017-03-07 22:42 - 2017-03-07 22:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-08-29 20:01 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-05-30 14:18 - 2017-05-30 14:18 - 00326528 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2017-06-04 07:19 - 2017-06-04 07:19 - 52051552 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-05-30 14:18 - 2017-05-30 14:18 - 00153984 _____ () C:\Program Files (x86)\Evernote\Evernote\zlibwapi.dll
2017-05-30 14:18 - 2017-05-30 14:18 - 00217984 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2017-05-30 14:17 - 2017-05-30 14:17 - 26142592 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2017-05-30 13:24 - 2017-05-30 13:24 - 00740352 _____ () C:\Program Files (x86)\Evernote\Evernote\libglesv2.dll
2017-05-30 13:24 - 2017-05-30 13:24 - 00130048 _____ () C:\Program Files (x86)\Evernote\Evernote\libegl.dll
2017-06-19 12:09 - 2017-06-16 13:33 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-06-19 12:09 - 2017-06-16 13:33 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-19 12:09 - 2017-06-16 13:32 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-12 16:51 - 2017-06-16 13:35 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-19 12:09 - 2017-06-16 13:32 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-06-19 12:09 - 2017-06-16 13:34 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-19 12:09 - 2017-06-16 13:32 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-06-19 12:09 - 2017-06-16 13:34 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-06-19 12:09 - 2017-06-16 13:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-06-19 12:09 - 2017-06-16 13:32 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-06-19 12:09 - 2017-06-16 13:32 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-06-19 12:09 - 2017-06-16 13:33 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-06-12 16:51 - 2017-06-16 13:32 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-06-19 12:09 - 2017-06-16 13:33 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-06-19 12:09 - 2017-06-16 13:32 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-06-12 16:51 - 2017-06-16 13:35 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-06-19 12:09 - 2017-06-16 13:34 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-19 12:09 - 2017-06-16 13:34 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-06-12 16:51 - 2017-06-16 13:32 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-06-12 16:51 - 2017-06-16 13:35 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-19 12:09 - 2017-06-16 13:32 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-06-19 12:09 - 2017-06-16 13:33 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-06-19 12:09 - 2017-06-16 13:35 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-06-19 12:09 - 2017-06-16 13:33 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-06-19 12:09 - 2017-06-16 13:35 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-06-12 16:51 - 2017-06-16 13:35 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-06-19 12:09 - 2017-06-16 13:33 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-06-19 12:09 - 2017-06-16 13:33 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-12 16:51 - 2017-06-16 13:35 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-06-19 12:09 - 2017-06-16 13:35 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-02-02 05:53 - 2016-02-02 05:53 - 00039376 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2004-09-30 13:09 - 2004-09-30 13:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll
2017-05-30 01:39 - 2017-05-30 01:39 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-30 01:39 - 2017-05-30 01:39 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-05-30 01:38 - 2017-05-30 01:38 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-05-30 01:39 - 2017-05-30 01:39 - 00125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-06-04 07:47 - 2017-06-04 07:47 - 00099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-30 01:39 - 2017-05-30 01:39 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-05-19 23:50 - 2017-05-19 23:50 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-04 07:43 - 2017-06-04 07:43 - 00099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-19 23:49 - 2017-05-19 23:49 - 00098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-05-19 23:50 - 2017-05-19 23:50 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-03-16 12:28 - 2015-03-16 12:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-04-03 12:10 - 2014-09-05 11:55 - 00132808 _____ () C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2016-05-13 14:10 - 2016-05-13 14:10 - 00134144 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2015-07-10 23:37 - 2015-07-10 23:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [216]
AlternateDataStreams: C:\ProgramData\TEMP:F8AF2BB9 [220]
AlternateDataStreams: C:\Users\jwm4.LOCAL\Desktop\FRST64.exe:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\sharepoint.com -> hxxps://newgroundtechcom-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2015-08-13 16:00 - 00000732 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\Control Panel\Desktop\\Wallpaper -> C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\59488.jpg
DNS Servers: 192.168.1.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G10"
HKLM\...\StartupApproved\Run32: => "PowerDVD15Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{FFADAEE5-96A8-4C1D-8F0B-11D45EDD191A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{4CD98D45-022D-45DA-BDC8-DF66EC0C121D}] => (Allow) C:\Program Files\Microsoft Power BI Desktop\bin\msmdsrv.exe
FirewallRules: [{2911ECCE-25CD-4F2A-9D0B-BBB8BA13176E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{24C441B9-CE89-48C6-AE89-5C5757FA98AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A9C50E3C-2D38-405B-AED8-B703FFB46AAD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1736F29C-A709-490B-91F7-4A50D8BEABD9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4713FF45-131D-4ACC-ACCF-A2911B30F20F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{28CB00EF-5AB4-4E6C-880B-9632DFCBA3EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{409EBB83-3544-45C6-9CFB-520D835C2FDA}C:\program files (x86)\edgerunner\multiplicity\multipl2.exe] => (Block) C:\program files (x86)\edgerunner\multiplicity\multipl2.exe
FirewallRules: [TCP Query User{8C55834A-0F40-49C4-B085-24A7D8FB0B6A}C:\program files (x86)\edgerunner\multiplicity\multipl2.exe] => (Block) C:\program files (x86)\edgerunner\multiplicity\multipl2.exe
FirewallRules: [{43C1B132-5B51-4A2B-B579-1841CFFF578B}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{94F064CD-9741-419D-B20B-A77AF866D8F4}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [UDP Query User{C7BFEDC4-BFF6-455F-9C66-E2BE73B2D2A0}C:\users\jwm4\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jwm4\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{25F846E3-FED8-4C3F-9202-DEB385FB0960}C:\users\jwm4\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jwm4\appdata\roaming\spotify\spotify.exe
FirewallRules: [{78B0C010-D450-46DC-A606-9835A14B9017}] => (Allow) C:\Program Files (x86)\EdgeRunner\Multiplicity\MPRDP64.EXE
FirewallRules: [{4D0FEE0C-74FA-462E-89CA-3FBEBCF48F1F}] => (Allow) C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiPLV64.EXE
FirewallRules: [{BEA63CC7-678B-497A-AF4A-38BA886608FE}] => (Allow) LPort=30569
FirewallRules: [{0025F5BA-AEDE-4C95-A3B1-8A2F634DF1B1}] => (Allow) C:\Program Files (x86)\EdgeRunner\Multiplicity\Multipl2.EXE
FirewallRules: [{A4B588EE-34C9-41E1-86B3-77C3F3FEC27F}] => (Allow) LPort=30567
FirewallRules: [{42B7D49C-D72B-4F06-8C8F-54361A5BB4B4}] => (Allow) LPort=30565
FirewallRules: [{45560760-E97D-4FB9-AF03-F27C52700BE1}] => (Allow) LPort=30564
FirewallRules: [TCP Query User{165C2E6E-A63C-49BD-A37A-8CE7FAF7B662}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{CB8A04DC-73BE-4234-81D6-0981808ED405}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [TCP Query User{2D8E6443-680C-41EF-BE19-5FD161ED3CB9}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{049DD405-4C09-406F-9628-73A0DD2CCDA4}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{8FD8B44C-7C89-459A-B310-59E0DBFA1193}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{72E8A058-3A6E-41B3-84C5-4E408F07B31D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E587AF2F-4618-41D9-9984-360E7E04A3E9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{0A465D93-E07E-4478-84A0-19F533B16608}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{D11955BD-749E-494C-894F-CDA74E6C4199}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{E4D615CA-EDEC-491C-87AD-C0461297EEFC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{411E02F8-F349-4B90-ACEF-2F60F8F805A5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{D0B29202-3198-475C-B3A9-DF1EDCBBDE13}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D5AF920D-4584-4E87-AAA2-59F8FCB7D861}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{416ACD25-8230-48D8-BBB8-2B11F8DBED8D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3C970718-BC15-4FCF-9D7A-8CFC64BBB8CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{30B3C1A0-C67F-4980-A3C7-1A420EDB1EAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E80F7CE6-32EA-4138-8609-BE0C9D9BF503}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{90121824-83CB-4922-A3FB-6BD18DAF33D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B44B6390-6CA4-462E-8482-0C66B87B7718}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CBA7DE95-22BE-4BA6-A234-CD7AEFCF72AC}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{07E9AE14-DD44-4DB1-A801-EAA9ECE58445}] => (Allow) C:\Program Files (x86)\Nightly\firefox.exe
FirewallRules: [{65D9BCA4-C69B-4629-9093-14D34CCEA089}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{223F9D0B-EF72-4F3B-9F2C-8AF4A96DAB01}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{590247AB-0D02-403F-A659-03A44C204B01}C:\users\jwm4\appdata\local\apps\2.0\0gnqzva9.4nv\qamlkvro.mbn\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe] => (Allow) C:\users\jwm4\appdata\local\apps\2.0\0gnqzva9.4nv\qamlkvro.mbn\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe
FirewallRules: [UDP Query User{4DC34399-0C24-493D-89D1-DCD2B1664E9F}C:\users\jwm4\appdata\local\apps\2.0\0gnqzva9.4nv\qamlkvro.mbn\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe] => (Allow) C:\users\jwm4\appdata\local\apps\2.0\0gnqzva9.4nv\qamlkvro.mbn\live..tion_0000000000000000_0000.0009_403689373d141ec5\res\livereloadnodejs.exe
FirewallRules: [{C99F22B5-CA19-4981-9EDB-DF7B58F6B367}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{39E3C04B-2C01-42B2-BBAA-F6981AB6D210}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

14-06-2017 21:09:21 Windows Update
15-06-2017 22:11:24 Removed ChocolateyGUI 0.13.2.0

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2017 03:39:56 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider VmmsWmiEventProvider attempted to register query "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA "Msvm_ContainerSystem"" whose target class "Msvm_ContainerSystem" in //./root/virtualization/v2 namespace does not exist. The query will be ignored.

Error: (06/19/2017 04:30:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba Spark ODBC Driver\LibCurl64.DllA\libcurl.dll".
Dependent Assembly OpenSSL.DllA,processorArchitecture="*",type="x64",version="1.0.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2017 04:29:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector6\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2017 04:29:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector6\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2017 04:28:46 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (06/19/2017 03:41:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2017 03:41:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2017 03:39:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.

Error: (06/19/2017 03:39:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (06/19/2017 11:55:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/16/2017 10:17:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/16/2017 07:06:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/16/2017 07:56:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/15/2017 10:14:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/15/2017 04:00:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-06-14 19:34:51.774
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4702HQ CPU @ 2.20GHz
Percentage of memory in use: 31%
Total physical RAM: 16287.05 MB
Available physical RAM: 11212.28 MB
Total Virtual: 17311.05 MB
Available Virtual: 11929.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.67 GB) (Free:205.76 GB) NTFS
Drive d: (Backups) (Fixed) (Total:931.39 GB) (Free:250.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 885078DC)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=475.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=792 MB) - (Type=27)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 1470F9E6)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 20 June 2017 - 08:12 PM.



#2 Oh My!

  • Malware Response Instructor

Posted 20 June 2017 - 09:31 PM

Greetings jwm4 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Does this look familiar?

IE trusted site: HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\sharepoint.com -> hxxps://newgroundtechcom-files.sharepoint.com

-----

There are some suspect Chrome extensions on your computer that we are going to delete. Did you individually install all of the current extensions for Chrome? Just want to understand how the extensions were introduced into the browser.

Please describe your Internet setup, i.e. separate modem/router, combination modem/router?

Are these 2 computers on the same network?

Please do these things for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [Notezilla] => [X]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-01]
CHR Extension: (Allow Copy - Click to activate on this tab) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\abidndjnodakeaicodfpgcnlkpppapah [2017-06-13]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-13]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgplcfihfeioiaddclapccnefggiddn [2017-06-01]
2017-04-03 15:20 - 2017-04-03 15:20 - 0000016 _____ () C:\ProgramData\mntemp
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [216]
AlternateDataStreams: C:\ProgramData\TEMP:F8AF2BB9 [220]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: Bitsadmin /Reset /Allusers
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Zoek by Smeenk - Scan and Automatic Cleanup

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 4 in the lower box to Do a Deep Scan and Automated Cleanup then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Fixlog
  • Zoek log
  • RogueKiller log
  • Update on browser behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#3 jwm4

  • Topic Starter

Posted 21 June 2017 - 10:35 PM

Hi Gary,

I look forward to working with you to resolve this issue. Please call me Jim.

Obviously I have only uploaded FRST log files for one PC. I assume we should do one and then the other?

Answers to your questions:

1. IE trusted sites - there are currently the same four trusted sites in IE on both computers. They appear to be deprecated, as none of my current SharePoint URLs match those. [Microsoft has been completely overhauling SharePoint the last year.] I believe they were once valid, but cannot be 100% sure. Nevertheless, we can delete them.

2. Chrome extensions - yes, I installed all extensions that I see listed via chrome://extensions.

3. Both PCs are on the same LAN, authenticated to the same Windows 2016 Domain Server (which runs as a VM on one of them). The Windows Server provides DHCP and DNS addresses for both PCs. An ASUS router with wireless and wired connectivity serves as the local network gateway. It connects via Ethernet to a Comcast Business Class cable modem and then to the Comcast Business Class Internet Service. One PC (laptop) connects to router via wireless (5 GHz) only, the other (desktop) connects to router via Ethernet only.

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by jwm4 (21-06-2017 21:13:52) Run:2
Running from C:\Users\jwm4.LOCAL\Desktop
Loaded Profiles: jwm4 (Available Profiles: Jim & jwm4)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [Notezilla] => [X]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-01]
CHR Extension: (Allow Copy - Click to activate on this tab) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\abidndjnodakeaicodfpgcnlkpppapah [2017-06-13]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-13]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2017-06-01]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgplcfihfeioiaddclapccnefggiddn [2017-06-01]
2017-04-03 15:20 - 2017-04-03 15:20 - 0000016 _____ () C:\ProgramData\mntemp
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [216]
AlternateDataStreams: C:\ProgramData\TEMP:F8AF2BB9 [220]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: Bitsadmin /Reset /Allusers
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => key removed successfully
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\Software\Microsoft\Windows\CurrentVersion\Run\\Notezilla => value removed successfully
C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek => moved successfully
C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\abidndjnodakeaicodfpgcnlkpppapah => moved successfully
C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap => moved successfully
C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi => moved successfully
C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn => moved successfully
C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgplcfihfeioiaddclapccnefggiddn => moved successfully
C:\ProgramData\mntemp => moved successfully
C:\ProgramData\TEMP => ":58A5270D" ADS removed successfully.
C:\ProgramData\TEMP => ":F8AF2BB9" ADS removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {F56D9983-00E4-4693-8586-AF77A5F07111}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42991085 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 38639159 B
Edge => 75396611 B
Chrome => 477563731 B
Firefox => 3930807 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 872290 B
Jim => 159 B
jwm4.LOCAL => 199897831 B
 
RecycleBin => 202907 B
EmptyTemp: => 808.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:14:26 ====

Edited by jwm4, 21 June 2017 - 11:25 PM.


#4 jwm4

  • Topic Starter

Posted 22 June 2017 - 01:26 AM

BleepingComputer website is timing out when I try to upload the text of zoek and rk log files from Chrome. Malware still operative.

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by jwm4 on Thu 06/22/2017 at  0:28:53.98.
Microsoft Windows 10 Pro 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\jwm4.LOCAL\Desktop\zoek.exe [Scan all users]   [Deep Scan] [Auto Clean]

==== System Restore Info ======================

6/22/2017 12:29:44 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Zemana AntiMalware deleted successfully
C:\PROGRA~2\COMMON~1\Merge Modules deleted successfully
C:\Program Files\HitmanPro deleted successfully
C:\Program Files\Nitro deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\ann\AppData\Local\ActiveSync deleted successfully
C:\Users\ann\AppData\Local\NetworkTiles deleted successfully
C:\Users\ann\AppData\Local\PeerDistRepub deleted successfully
C:\Users\ann\AppData\Local\VirtualStore deleted successfully
C:\Users\Jim\AppData\Local\VirtualStore deleted successfully
C:\Users\jwm4\AppData\Local\ActiveSync deleted successfully
C:\Users\jwm4\AppData\Local\NetworkTiles deleted successfully
C:\Users\jwm4.LOCAL\AppData\Local\DBG deleted successfully
C:\Users\jwm4.LOCAL\AppData\Local\NetworkTiles deleted successfully
C:\Users\jwm4.LOCAL\AppData\Local\PeerDistRepub deleted successfully
C:\Users\jwm4.LOCAL\AppData\Local\Radio deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiSrv.exe
C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Program Files (x86)\EdgeRunner\Multiplicity\MP2Control.exe
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
C:\Program Files (x86)\EdgeRunner\Multiplicity\Multipl2.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\GlassWire\GWIdlMon.exe
C:\Program Files (x86)\EdgeRunner\Multiplicity\MP2Drag.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\jwm4.LOCAL\AppData\Local\Pushbullet\bin\pushbullet_client.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
C:\Users\jwm4.LOCAL\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPWSvc deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\jwm4\AppData\Roaming\Mozilla\Firefox\Profiles\32ix0cf1.default

user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"private
---- FireFox user.js and prefs.js backups ----

prefs_20170622_1242_.backup

ProfilePath: C:\Users\JWM4~1.LOC\AppData\Roaming\Mozilla\Firefox\Profiles\jlwkg9ad.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20170622_1242_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Zemana AntiMalware not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\Active Directory Rights Management Services Client 2.1 deleted
C:\install.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\WINDOWS\invcol.tmp deleted
C:\windows\SysNative\GroupPolicy\DataStore deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\jwm4\AppData\Roaming\Mozilla\Firefox\Profiles\32ix0cf1.default\extensions\extension@firefox-ntlmauth.googlecode.com.xpi deleted
C:\Users\jwm4\AppData\Roaming\Mozilla\Firefox\Profiles\32ix0cf1.default\jetpack deleted
C:\Users\jwm4\AppData\Roaming\Mozilla\Firefox\Profiles\32ix0cf1.default\extensions\sitefavinurlbar@sonco.com deleted
"C:\Users\jwm4\AppData\Roaming\Mozilla\Firefox\Profiles\32ix0cf1.default\extensions\firefinder@robertnyman.com.xpi" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 16288 MB
CPU Info: Intel® Core™ i7-4702HQ CPU @ 2.20GHz
CPU Speed: 2230.1 MHz
Sound Card: Not detected
Display Adapters: Intel® HD Graphics 4600 | Intel® HD Graphics 4600 | Intel® HD Graphics 4600
Monitors: 1x; Generic PnP Monitor | Generic PnP Monitor | Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Intel® Dual Band Wireless-AC 7260 | Microsoft Wi-Fi Direct Virtual Adapter
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  475.7GB | D:  931.4GB
Hard Disks - Free: C:  207.4GB | D:  250.5GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 07/30/15 | DELL   - 1072009
Time Zone: Eastern Standard Time
Motherboard *: Dell Inc. XPS 15 9530
Country: United States
Language: ENU

==== System Specs (Software) ======================

Internet Explorer Version: 11.413.15063.0
Google Chrome version: 60.0.3112.40
Sun Java version: 1.8.0_131 (32-bit)
Sun Java version: 1.8.0_131 (64-bit)

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\JWM4~1.LOC\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2017-06-14 03:14:39 71D8ADF41AEB6B92432CB62789FDC088 417792 ----a-w- C:\WINDOWS\Sysnative\InstallAgentUserBroker.exe
2017-06-14 03:14:39 70AD4B9AAE5AFE52C6B21DC3F768BA2E 777400 ----a-w- C:\WINDOWS\Sysnative\oleaut32.dll
2017-06-14 03:14:39 6F491FAE91BE7507CE79DA014839AB16 232960 ----a-w- C:\WINDOWS\Sysnative\wcmcsp.dll
2017-06-14 03:14:39 6D2C3525D877C5B1B5AA1252D7DF2660 1458592 ----a-w- C:\WINDOWS\Sysnative\AppVEntSubsystemController.dll
2017-06-14 03:14:39 69FABFEB036B4EFF687BF4AB5D4C05F1 586240 ----a-w- C:\WINDOWS\Sysnative\OneDriveSettingSyncProvider.dll
2017-06-14 03:14:39 672D215026E05D358CDB6617793E7741 8331264 ----a-w- C:\WINDOWS\Sysnative\BingMaps.dll
2017-06-14 03:14:39 669C0EFFD0CB110FA622FB03E780A13E 844696 ----a-w- C:\WINDOWS\Sysnative\AppVEntStreamingManager.dll
2017-06-14 03:14:39 6665C67437554B97E2EFFEC6E66CEAAE 56832 ----a-w- C:\WINDOWS\Sysnative\cldapi.dll
2017-06-14 03:14:39 605D4C2E374197FEA0D0BC9C41E5945A 923048 ----a-w- C:\WINDOWS\Sysnative\CoreMessaging.dll
2017-06-14 03:14:39 5F9C86F133D50EC14BC247B1408EB339 624640 ----a-w- C:\WINDOWS\Sysnative\AudioEndpointBuilder.dll
2017-06-14 03:14:39 5F7F9AA94850B085F600F068E2D706B7 524800 ----a-w- C:\WINDOWS\Sysnative\TileDataRepository.dll
2017-06-14 03:14:39 5F661E5FC0B2D079C0BED4036D4DF5F3 933376 ----a-w- C:\WINDOWS\Sysnative\SearchIndexer.exe
2017-06-14 03:14:39 5F601D7B7167A37B25A577BEC8F08D45 251904 ----a-w- C:\WINDOWS\Sysnative\Windows.Gaming.Preview.dll
2017-06-14 03:14:39 5E4AB60D50F368A09275F4055D621EDC 149504 ----a-w- C:\WINDOWS\Sysnative\embeddedmodesvc.dll
2017-06-14 03:14:39 5DFC148B25C57FE275CA743F1C828B95 1468416 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.desktop.dll
2017-06-14 03:14:39 5D543665EF9DD570A4D99BD30719DFD1 61952 ----a-w- C:\WINDOWS\Sysnative\vss_ps.dll
2017-06-14 03:14:39 59F84AB686634BC4575C6BB9F6623D35 1911752 ----a-w- C:\WINDOWS\Sysnative\Windows.ApplicationModel.Store.dll
2017-06-14 03:14:39 59BD4DCE00EBE7399E74FB84D7B73833 293376 ----a-w- C:\WINDOWS\Sysnative\MusNotification.exe
2017-06-14 03:14:39 58A4C7CF9DFBF6A731992084B611530B 99328 ----a-w- C:\WINDOWS\Sysnative\utcutil.dll
2017-06-14 03:14:39 5711CB1CCB087FEB595007782C935D78 1852776 ----a-w- C:\WINDOWS\Sysnative\crypt32.dll
2017-06-14 03:14:39 51EDD6CD3D12E998AE1AB5890061C7F1 543648 ----a-w- C:\WINDOWS\Sysnative\securekernel.exe
2017-06-14 03:14:39 500002E949C30E023C7E097F19BAED74 1024928 ----a-w- C:\WINDOWS\Sysnative\hvax64.exe
2017-06-14 03:14:39 4D248424BA6D95BDED8071E1508D0AED 3379200 ----a-w- C:\WINDOWS\Sysnative\tquery.dll
2017-06-14 03:14:39 4BCCFE06A580FB4350BB5DFEE377BE5D 7325584 ----a-w- C:\WINDOWS\Sysnative\windows.storage.dll
2017-06-14 03:14:39 49F8E0B892E15E278943FDB9CDCDCCD9 347136 ----a-w- C:\WINDOWS\Sysnative\XpsDocumentTargetPrint.dll
2017-06-14 03:14:39 49A09C935E67557350961428785CA299 443392 ----a-w- C:\WINDOWS\Sysnative\PerceptionSimulationExtensions.dll
2017-06-14 03:14:39 4921772259540486DB33E791C5CEACD4 232448 ----a-w- C:\WINDOWS\Sysnative\Windows.Web.Diagnostics.dll
2017-06-14 03:14:39 45F902F1C63B3AFE1F1F99E50FCB880F 102400 ----a-w- C:\WINDOWS\Sysnative\MusNotificationUx.exe
2017-06-14 03:14:39 4255A21E89EFEDD8488E3ED81A9F7993 1888256 ----a-w- C:\WINDOWS\Sysnative\FntCache.dll
2017-06-14 03:14:39 3EE63B28D1CD4A72DC48A2A17AAE03A2 3332096 ----a-w- C:\WINDOWS\Sysnative\SRH.dll
2017-06-14 03:14:39 3E9ED366E91695D90923990309017F78 2438656 ----a-w- C:\WINDOWS\Sysnative\ResetEngine.dll
2017-06-14 03:14:39 3A5370157B7DE1EF59E831A7017A59D5 1886208 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.onecore.dll
2017-06-14 03:14:39 3A30DBAEB259F4EDB57FBFD7A065D9DF 641536 ----a-w- C:\WINDOWS\Sysnative\rdbui.dll
2017-06-14 03:14:39 3835D0DD7A932266CC0746FDC5EC5568 2516480 ----a-w- C:\WINDOWS\Sysnative\diagtrack.dll
2017-06-14 03:14:39 36BE6DEB5EE9168473FC13C20A7EF271 2085280 ----a-w- C:\WINDOWS\Sysnative\UpdateAgent.dll
2017-06-14 03:14:39 35763FCD88CEA06D6E520D7757756825 1325456 ----a-w- C:\WINDOWS\Sysnative\ole32.dll
2017-06-14 03:14:39 346A3813D15C7419B806B6BCCE62BEC6 848288 ----a-w- C:\WINDOWS\Sysnative\AppVOrchestration.dll
2017-06-14 03:14:39 316558BC04A7BDF4ACCDD9859E68D7D7 5557760 ----a-w- C:\WINDOWS\Sysnative\dbgeng.dll
2017-06-14 03:14:39 3159602B419D3100363F3E57A3D0EE98 3116184 ----a-w- C:\WINDOWS\Sysnative\combase.dll
2017-06-14 03:14:39 31285F42BAE4730D131B8BEF1B24A665 3135488 ----a-w- C:\WINDOWS\Sysnative\MapGeocoder.dll
2017-06-14 03:14:39 2B1361AFBF330AF9A652A336EE77CBCB 3307008 ----a-w- C:\WINDOWS\Sysnative\wininet.dll
2017-06-14 03:14:39 29CEF9DF16CA9B7C991D84929B82541A 203776 ----a-w- C:\WINDOWS\Sysnative\PackageStateRoaming.dll
2017-06-14 03:14:39 28A5280F3DB56AC726F2E916CB3845ED 17365504 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll
2017-06-14 03:14:39 280A037CE700B378D487CE96EBE6E1BE 1141760 ----a-w- C:\WINDOWS\Sysnative\MapsStore.dll
2017-06-14 03:14:39 2740F2C2F0FF4FEF43E1997EDCD64BFF 518144 ----a-w- C:\WINDOWS\Sysnative\daxexec.dll
2017-06-14 03:14:39 22DC955285840B5100C2B50539071644 197120 ----a-w- C:\WINDOWS\Sysnative\bcdboot.exe
2017-06-14 03:14:39 212CB512B785E218667CCA56C4BFD71D 750080 ----a-w- C:\WINDOWS\Sysnative\StorSvc.dll
2017-06-14 03:14:39 202FE2CB30DF690F9FB59CCC5BEA80D3 3784704 ----a-w- C:\WINDOWS\Sysnative\MapRouter.dll
2017-06-14 03:14:39 1D210D34020638998C980C889513B5DA 2938880 ----a-w- C:\WINDOWS\Sysnative\InputService.dll
2017-06-14 03:14:39 1ACB1BBC69D1A95A8193B3704B4460F5 2560 ----a-w- C:\WINDOWS\Sysnative\tzres.dll
2017-06-14 03:14:39 19820EEC2D1A4D264F051B789F79D51A 86016 ----a-w- C:\WINDOWS\Sysnative\xboxgipsynthetic.dll
2017-06-14 03:14:39 18DD15CD20F3AFB8A056B6250CDD4ABE 1356800 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll
2017-06-14 03:14:39 17DF3F5047ED4C2D065C0DEF0B87A565 974848 ----a-w- C:\WINDOWS\Sysnative\mmgaserver.exe
2017-06-14 03:14:39 16C59EF3592F3130EFDD6E49431EDDF1 2228120 ----a-w- C:\WINDOWS\Sysnative\AppVEntSubsystems64.dll
2017-06-14 03:14:39 13CE9244F1B2C7BB97CDC76ED96F8C0C 1055648 ----a-w- C:\WINDOWS\Sysnative\LicenseManager.dll
2017-06-14 03:14:39 1376CDF9F9EABA8E4601190B817A3DD7 2650112 ----a-w- C:\WINDOWS\Sysnative\dwmcore.dll
2017-06-14 03:14:39 10BCA32086250DF9C8B695686A9AD593 1670496 ----a-w- C:\WINDOWS\Sysnative\winmde.dll
2017-06-14 03:14:39 0E79A4C76CAAA0CFE9CA42C13E5AA086 1085440 ----a-w- C:\WINDOWS\Sysnative\rpcss.dll
2017-06-14 03:14:39 0E1ECF0881990C6AE516F818F03575FA 50176 ----a-w- C:\WINDOWS\Sysnative\catsrvps.dll
2017-06-14 03:14:39 0B9D7F371C03752E9ADEBFE7427A4AD9 2597376 ----a-w- C:\WINDOWS\Sysnative\mssrch.dll
2017-06-14 03:14:39 0A4A4493301996786CE385E7DEC71547 1295872 ----a-w- C:\WINDOWS\Sysnative\dosvc.dll
2017-06-14 03:14:39 06E01EBE72917268D5AD7331801E377A 133120 ----a-w- C:\WINDOWS\Sysnative\XblGameSaveExt.dll
2017-06-14 03:14:39 05BEDBBEEAAC22F98FCA529FAC659582 2443776 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2017-06-14 03:14:39 03F0EEE8EFB7D429B3C9CA7E6557EDA4 159744 ----a-w- C:\WINDOWS\Sysnative\NPSM.dll
2017-06-14 03:14:39 030E2B28C4C1EBB77420B671E4F80735 2399728 ----a-w- C:\WINDOWS\Sysnative\KernelBase.dll
2017-06-14 03:14:38 FA57DEAD00DF87AF861B5FAF253ED3B9 872472 ----a-w- C:\WINDOWS\Sysnative\ClipSVC.dll
2017-06-14 03:14:38 F4997928BF7AB150DA9F2721BA0C409A 7336448 ----a-w- C:\WINDOWS\Sysnative\Windows.Data.Pdf.dll
2017-06-14 03:14:38 F33A6A81B2521E6FB48CCE595DF4EE4E 5477096 ----a-w- C:\WINDOWS\Sysnative\OneCoreUAPCommonProxyStub.dll
2017-06-14 03:14:38 EEE802F2BD574FDE09F1629664A074CE 209408 ----a-w- C:\WINDOWS\Sysnative\smartscreenps.dll
2017-06-14 03:14:38 C83505A5CC15E39D6C6D7B3C20187E5C 1054208 ----a-w- C:\WINDOWS\Sysnative\TokenBroker.dll
2017-06-14 03:14:38 C7215695095A0BFC2A01BBB5660E383A 422400 ----a-w- C:\WINDOWS\Sysnative\WpAXHolder.dll
2017-06-14 03:14:38 C66FCC9240B940E8558D6DE8F3B376F9 3856896 ----a-w- C:\WINDOWS\Sysnative\vmchipset.dll
2017-06-14 03:14:38 BC17B0C4F0A64087B2F2244F2EF9EA24 1611776 ----a-w- C:\WINDOWS\Sysnative\SpeechPal.dll
2017-06-14 03:14:38 B0A3B85B6A2605A26B8C44B9A9C5F9B1 32004 ----a-w- C:\WINDOWS\Sysnative\edgehtmlpluginpolicy.bin
2017-06-14 03:14:38 B037A6026597498BADC615CEF2C7EC40 2231296 ----a-w- C:\WINDOWS\Sysnative\vmcompute.exe
2017-06-14 03:14:38 AD60622F6CFAC51E294F6431C5D2486B 1506712 ----a-w- C:\WINDOWS\Sysnative\twinapi.appcore.dll
2017-06-14 03:14:38 93F9CF53D9F6B0D482C116CB743B0260 601088 ----a-w- C:\WINDOWS\Sysnative\Windows.System.Launcher.dll
2017-06-14 03:14:38 7A53C897F4A25916F1D1983ABC2379A8 1293824 ----a-w- C:\WINDOWS\Sysnative\aadtb.dll
2017-06-14 03:14:38 6A58C8571C57CF53C290025C1A94C96A 527360 ----a-w- C:\WINDOWS\Sysnative\aadcloudap.dll
2017-06-14 03:14:38 6745D866BD3CD557857B06F6B455A839 78848 ----a-w- C:\WINDOWS\Sysnative\offreg.dll
2017-06-14 03:14:38 65AD718F1854F799BAB81D0AE73F4F03 1818624 ----a-w- C:\WINDOWS\Sysnative\UIAutomationCore.dll
2017-06-14 03:14:38 5CFFCDC66C84D2E96098B0BE8AE44ACE 2730496 ----a-w- C:\WINDOWS\Sysnative\smartscreen.exe
2017-06-14 03:14:38 58313A254657E63E43889F44AFDE825A 408064 ----a-w- C:\WINDOWS\Sysnative\ActivationManager.dll
2017-06-14 03:14:38 581A1DE0E7E8FFFD231FBDDAEA5C1F62 1275904 ----a-w- C:\WINDOWS\Sysnative\ShareHost.dll
2017-06-14 03:14:38 4E967C59A5867FF10B3FFFEFD5CA0EF2 1028608 ----a-w- C:\WINDOWS\Sysnative\modernexecserver.dll
2017-06-14 03:14:38 36DFAC142BB4F3F85ADEA0B67B082889 892416 ----a-w- C:\WINDOWS\Sysnative\MessagingDataModel2.dll
2017-06-14 03:14:38 1C8DA5C681B603BBC893D50C5D643504 585216 ----a-w- C:\WINDOWS\Sysnative\AppReadiness.dll
2017-06-14 03:14:38 10DDA62144A46A1C2339770EF46B0252 275456 ----a-w- C:\WINDOWS\Sysnative\vmusrv.dll
2017-06-14 03:14:38 09E6115D0B15BA914C005E8281223DFA 321376 ----a-w- C:\WINDOWS\Sysnative\capauthz.dll
2017-06-14 03:14:38 07DF513171C761D90EE02744CDED2AA7 380416 ----a-w- C:\WINDOWS\Sysnative\vmcompute.dll
2017-06-14 03:12:33 FB8E919B5BFD2F8993D414A874EB558C 498176 ----a-w- C:\WINDOWS\Sysnative\d2d1debug3.dll
2017-06-14 03:12:33 F9F6E7393589E2F2B0CA65D98CF3D320 91136 ----a-w- C:\WINDOWS\Sysnative\VsGraphicsProxyStub.dll
2017-06-14 03:12:33 F7EA31BF59AA6813554563A853C6D3ED 176128 ----a-w- C:\WINDOWS\Sysnative\DXToolsReporting.dll
2017-06-14 03:12:33 E9773B177A47D52F9EEE264FEF6CE843 6806016 ----a-w- C:\WINDOWS\Sysnative\d3d12warp.dll
2017-06-14 03:12:33 E7C02955D1A2C29350943B774F11A650 1309184 ----a-w- C:\WINDOWS\Sysnative\d3d11_3SDKLayers.dll
2017-06-14 03:12:33 E0D38E5F59C80FEF6E9E638D1EDC3800 1174528 ----a-w- C:\WINDOWS\Sysnative\DXCap.exe
2017-06-14 03:12:33 DEE41053033A4639770EB06B03C2CB82 163328 ----a-w- C:\WINDOWS\Sysnative\VsGraphicsCapture.dll
2017-06-14 03:12:33 D0A155FB61C525BD980293E73AB67581 348672 ----a-w- C:\WINDOWS\Sysnative\perf_gputiming.dll
2017-06-14 03:12:33 D00A631727266076FAE5951847F55EBB 79872 ----a-w- C:\WINDOWS\Sysnative\VSD3DWARP12Debug.dll
2017-06-14 03:12:33 C780DF5F1A54C8C50C01B200DFCAD9C0 4897280 ----a-w- C:\WINDOWS\Sysnative\VsGraphicsRemoteEngine.exe
2017-06-14 03:12:33 AE278DDB6B0D7D25A34B4A60B8E7F99D 1977344 ----a-w- C:\WINDOWS\Sysnative\DXToolsOfflineAnalysis.dll
2017-06-14 03:12:33 AB82A984F8B87466753E5484CC8915CD 334848 ----a-w- C:\WINDOWS\Sysnative\DXGIDebug.dll
2017-06-14 03:12:33 91AAEFFA10DB6D46F316E4B52C87894E 59392 ----a-w- C:\WINDOWS\Sysnative\VSD3DWARPDebug.dll
2017-06-14 03:12:33 8B670E1E663E3ED10EB7E5C19E65C810 94720 ----a-w- C:\WINDOWS\Sysnative\DxToolsReportGenerator.dll
2017-06-14 03:12:33 66E548B1F32B724CCBCB102315C6C908 17777152 ----a-w- C:\WINDOWS\Sysnative\DXCaptureReplay.dll
2017-06-14 03:12:33 6128D94C3CBB1E733100D0C1C14252FC 189952 ----a-w- C:\WINDOWS\Sysnative\DXToolsMonitor.dll
2017-06-14 03:12:33 4F17B3F6BD4253E30FAA8E28961B55E2 393216 ----a-w- C:\WINDOWS\Sysnative\DXCpl.exe
2017-06-14 03:12:33 290B9895ED7BAFE28BDE4C2E56C341A7 283648 ----a-w- C:\WINDOWS\Sysnative\VsGraphicsExperiment.dll
2017-06-14 03:09:16 F548ADCE9C2E6CEB7FA26BF52EF4BF91 35480 ----a-w- C:\WINDOWS\Sysnative\TsWpfWrp.exe
2017-06-14 03:09:16 918C1F0F306EFE826E9BE142117E72B7 124624 ----a-w- C:\WINDOWS\Sysnative\PresentationCFFRasterizerNative_v0300.dll
2017-06-14 03:09:16 021CEB46E05A82E36571E67E49FB3D53 1166520 ----a-w- C:\WINDOWS\Sysnative\PresentationNative_v0300.dll
2017-06-14 03:09:11 A0A894C26B4EBAC5CE467D0123CE6FA2 1087488 ----a-w- C:\WINDOWS\Sysnative\reseteng.dll
2017-06-13 23:20:03 F44D8B58B7FE6A51C753EE2F44FFAE36 1094480 ----a-w- C:\WINDOWS\Sysnative\PerfStringBackup.INI
2017-06-13 23:19:50 D9EBF9753429136577591A80A1965189 1762752 ----a-w- C:\WINDOWS\Sysnative\nvsvcr.dll
2017-06-13 23:19:50 9CBFDAF17B1D6886BF32738767681913 71224 ----a-w- C:\WINDOWS\Sysnative\nvshext.dll
2017-06-13 23:19:50 92547AADAD77559B9860C42D27B53998 393784 ----a-w- C:\WINDOWS\Sysnative\nvmctray.dll
2017-06-13 23:19:50 85397430F424516BF8300FAAEF929366 1365048 ----a-w- C:\WINDOWS\Sysnative\nvvsvc.exe
2017-06-13 23:19:50 6E114297CE536806C4F933DA3238B30F 81856 ----a-w- C:\WINDOWS\Sysnative\nv3dappshextr.dll
2017-06-13 23:19:50 4EBD25B61F9689E11DAFD6486BE854E3 547896 ----a-w- C:\WINDOWS\Sysnative\nv3dappshext.dll
2017-06-13 23:19:50 413F6D3211DF29D6B8791D1A27BF7793 7242545 ----a-w- C:\WINDOWS\Sysnative\nvcoproc.bin
2017-06-13 23:19:50 2AEB6723FF640E70DFD7D8B8A8D5E5FC 6386744 ----a-w- C:\WINDOWS\Sysnative\nvcpl.dll
2017-06-13 23:19:50 10B617FAAA68C3A1D539073E95AC0EFB 2466360 ----a-w- C:\WINDOWS\Sysnative\nvsvc64.dll
2017-06-13 23:19:00 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\WINDOWS\Sysnative\GfxValDisplayLog.bin
2017-06-13 23:19:00 5C5A797761421CF9B72087F3BC8A5259 180 ----a-w- C:\WINDOWS\Sysnative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-13 23:19:00 3D0C25BEC0D5A815631EE8E8230D6195 99864 ----a-w- C:\WINDOWS\Sysnative\OpenCL.DLL
2017-06-13 23:19:00 1373F6562D5E4C715D5D3583E350093E 200 ----a-w- C:\WINDOWS\Sysnative\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-06-13 23:18:13 FF25EEB29502ADD49BAF8AB94FA24652 415520 ----a-w- C:\WINDOWS\Sysnative\FNTCACHE.DAT
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2017-06-14 03:09:37 -------- d-----w- C:\Program Files\Reference Assemblies
2017-06-14 03:09:37 -------- d-----w- C:\Program Files\MSBuild
2017-06-14 03:09:37 -------- d-----w- C:\Program Files\Hyper-V
2017-06-13 23:19:39 -------- d-----w- C:\Program Files\NVIDIA Corporation
2017-06-13 23:18:59 -------- d-----w- C:\Program Files\Intel
2017-06-13 23:18:44 -------- d-----w- C:\Program Files\Realtek
2017-06-13 23:18:42 -------- d--h--w- C:\Program Files\Uninstall Information
2017-06-13 23:18:40 -------- d-----w- C:\Program Files\Synaptics
2017-05-29 15:31:10 -------- d---a-w- C:\Program Files\UNP
======= C:\PROGRA~2 =====
2017-06-17 05:26:17 -------- d-----w- C:\PROGRA~2\Macrium
2017-06-14 03:09:37 -------- d---a-w- C:\PROGRA~2\MSBuild
2017-06-14 03:09:37 -------- d-----w- C:\PROGRA~2\Reference Assemblies
2017-06-13 23:19:01 -------- d---a-w- C:\PROGRA~2\Intel
2017-06-13 23:18:57 -------- d-----w- C:\PROGRA~2\COMMON~1\Intel
2017-06-02 13:34:12 -------- d-----w- C:\PROGRA~2\Evernote
======= C: =====
====== C:\Users\jwm4.LOCAL\AppData\Roaming ======
2017-06-22 02:34:54 -------- d-----w- C:\Users\jwm4.LOCAL\AppData\Local\Microsoft_Corporation
2017-06-19 16:09:51 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\PeerDistRepub
2017-06-19 16:09:26 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Dropbox
2017-06-14 23:34:43 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\DataSharing
2017-06-14 03:30:38 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Apps
2017-06-14 03:12:00 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft
2017-06-14 03:12:00 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming
2017-06-14 02:04:24 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\ConnectedDevicesPlatform
2017-06-13 23:29:53 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Zemana
2017-06-13 23:29:23 FB71B1DF146565C5541641982AAB5A48 310232 ----a-w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2017-06-13 23:20:16 -------- d-----w- C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2017-06-13 23:20:16 -------- d-----w- C:\Users\jwm4.LOCAL\AppData\Roaming
2017-06-13 23:20:16 -------- d-----w- C:\Users\jwm4.LOCAL\AppData\Local\Temp
2017-06-13 23:20:16 -------- d-----w- C:\Users\jwm4.LOCAL\AppData\Local\Microsoft
2017-06-13 23:20:16 -------- d-----w- C:\Users\jwm4.LOCAL\AppData\Local
2017-06-13 23:20:16 -------- d-----w- C:\Users\Jim\AppData\Roaming
2017-06-13 23:20:16 -------- d-----w- C:\Users\Jim\AppData\Local\Temp
2017-06-13 23:20:16 -------- d-----w- C:\Users\Jim\AppData\Local\Microsoft
2017-06-13 23:20:16 -------- d-----w- C:\Users\Jim\AppData\Local
2017-06-13 23:20:16 -------- d-----r- C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2017-06-13 23:20:16 -------- d-----r- C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2017-06-13 23:20:16 -------- d-----r- C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-06-13 23:20:16 -------- d-----r- C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2017-06-13 23:19:49 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft
2017-06-13 23:19:01 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Intel
2017-06-13 23:18:32 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache
2017-06-13 23:18:15 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp
2017-06-13 23:18:15 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft
2017-06-13 23:18:15 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local
2017-06-13 23:18:14 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Packages
2017-06-13 23:18:14 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming
2017-06-13 23:18:14 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp
2017-06-13 23:18:14 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft
2017-06-13 23:18:14 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local
2017-05-31 02:03:15 45381345135250953BCEEAF8E0905638 460 ----a-w- C:\Users\jwm4.LOCAL\AppData\Local\OfficeMix_16_0.txt
====== C:\Users\jwm4.LOCAL ======
2017-06-22 02:05:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EdgeRunner
2017-06-19 19:57:27 C4C52196501F0CA232198ADEF5389199 2439680 ----a-w- C:\Users\jwm4.LOCAL\Desktop\FRST64.exe
2017-06-19 19:39:54 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2017-06-19 16:09:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-19 16:09:27 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Documents
2017-06-19 16:09:27 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Desktop
2017-06-14 03:12:00 -------- d--h--w- C:\WINDOWS\serviceprofiles\Localservice\AppData
2017-06-14 03:09:37 -------- d-----w- C:\Users\Public\Documents\Hyper-V
2017-06-14 01:57:40 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2017-06-14 01:56:09 -------- d-----r- C:\Users\jwm4.LOCAL\Downloads
2017-06-14 01:56:04 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\jwm4.LOCAL\ntuser.ini
2017-06-13 23:28:33 -------- d-----w- C:\ProgramData\USOShared
2017-06-13 23:20:16 -------- d--h--w- C:\Users\jwm4.LOCAL\AppData
2017-06-13 23:20:16 -------- d--h--w- C:\Users\Jim\AppData
2017-06-13 23:19:52 -------- d-----w- C:\ProgramData\NVIDIA
2017-06-13 23:19:43 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2017-06-13 23:18:49 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\ProgramData\DP45977C.lfl
2017-06-13 23:18:15 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\Saved Games
2017-06-13 23:18:15 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Videos
2017-06-13 23:18:15 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Pictures
2017-06-13 23:18:15 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Music
2017-06-13 23:18:15 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Links
2017-06-13 23:18:15 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Favorites
2017-06-13 23:18:15 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Downloads
2017-06-13 23:18:15 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Documents
2017-06-13 23:18:15 -------- d-----r- C:\WINDOWS\serviceprofiles\Localservice\Desktop
2017-06-13 23:18:14 -------- d--h--w- C:\WINDOWS\serviceprofiles\networkservice\AppData
2017-06-13 23:18:14 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\Saved Games
2017-06-13 23:18:14 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Videos
2017-06-13 23:18:14 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Pictures
2017-06-13 23:18:14 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Music
2017-06-13 23:18:14 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Links
2017-06-13 23:18:14 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Favorites
2017-06-13 23:18:14 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Downloads
2017-06-13 23:18:14 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Documents
2017-06-13 23:18:14 -------- d-----r- C:\WINDOWS\serviceprofiles\networkservice\Desktop
2017-06-13 21:59:33 -------- d-----w- C:\Users\jwm4.LOCAL\.atom
2017-06-06 02:43:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2017-06-02 13:34:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

====== C: exe-files ==
2017-06-22 02:54:43 0101294E7BA216B0158056AFA42A7AAB 257152 ----a-w- C:\Windows\Temp\DPTF\esif_assist_64.exe
2017-06-22 02:52:29 0350B1842A2F3222CB028C27418E18D8 1395144 ----a-w- C:\Users\jwm4.LOCAL\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
2017-06-22 02:51:12 5EE89C0B4819AFAB9C3D4C4BB9737531 10134688 ----a-w- C:\Dropbox\Downloads\Applications\Multiplicity_3.43_setup_sd.exe
2017-06-22 02:50:25 5EE89C0B4819AFAB9C3D4C4BB9737531 10134688 ----a-w- C:\Dropbox\.dropbox.cache\2017-06-21\Multiplicity_3.43_setup_sd (1) (deleted e9801bbd3b20a09a6383e9c07fdf1da3).exe
2017-06-22 01:46:10 5EE89C0B4819AFAB9C3D4C4BB9737531 10134688 ----a-w- C:\Dropbox\.dropbox.cache\2017-06-21\Multiplicity3_setup (deleted 06b854dc2207cded1f753a2325035df9).exe
2017-06-21 23:53:45 95AA0019C99BC1AFF4DC1872707F6D71 4272744 ----a-w- C:\Program Files (x86)\Google\Update\Install\{01FFDA49-B138-4806-803F-9E27F2B51F9F}\60.0.3112.40_60.0.3112.32_chrome_updater.exe
2017-06-21 23:53:44 95AA0019C99BC1AFF4DC1872707F6D71 4272744 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\60.0.3112.40\60.0.3112.40_60.0.3112.32_chrome_updater.exe
2017-06-21 23:03:01 BA48A1159EC864CAA010721486D1919C 3743864 ----a-w- C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\SwReporter\19.109.2\software_reporter_tool.exe
2017-06-21 18:02:42 560039D82FB76F14CA6529BF339CD850 778288 ----a-w- C:\Users\jwm4.LOCAL\AppData\Local\NVIDIA\NvBackend\Packages\0000a2ad\CoProc update.22349045.exe
2017-06-20 07:23:11 9D85CD8E245989DE49CB1A7FF89EF320 26435280 ----a-w- C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2017-06-20 07:23:11 9D85CD8E245989DE49CB1A7FF89EF320 26435280 ----a-w- C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\OneDriveSetup.exe
2017-06-20 07:22:58 1358394DD0CF1191D726692A9372FE8F 236240 ----a-w- C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe
2017-06-20 07:22:47 9EB92488BA203BA99FF632500689A221 229584 ----a-w- C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileCoAuth.exe
2017-06-19 19:57:27 C4C52196501F0CA232198ADEF5389199 2439680 ----a-w- C:\Users\jwm4.LOCAL\Desktop\FRST64.exe
2017-06-19 19:57:27 7E5F4C6A0D64D88973C33064954011DE 2439680 ----a-w- C:\Users\jwm4.LOCAL\Desktop\FRST-OlderVersion\FRST64.exe
2017-06-19 16:09:34 99989D102D1FA4EB6ACB5736134850D2 174152 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe
2017-06-19 16:09:33 9B8FD3A3DC5A8F9EBA0696E9F25162B3 49992 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbxsvc.exe
2017-06-19 16:09:33 55DBA1FAA2CF5051F96B434622991001 42824 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbxsvc.exe
2017-06-19 16:09:33 31BC4CD7E6E36792453DCA3325CED050 3486520 ----a-w- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
2017-06-19 16:08:47 89B47C32724E2E6DFF8AABFFE456C600 79276696 ----a-w- C:\Program Files (x86)\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\29.3.19\DropboxClient_29.3.19.exe
2017-06-17 02:36:53 BB1E6DF64B83D7E8FB3F36B1741CED2A 60198210 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Ann & Jim\Wedding\Tom Smith CD\James & Ann McClintock.exe
2017-06-16 17:33:08 9B8FD3A3DC5A8F9EBA0696E9F25162B3 49992 ----a-w- C:\Windows\System32\DbxSvc.exe
2017-06-16 11:58:38 261614566744E1548E500353B90EE5D9 114368 ----a-w- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
=== C: other files ==
2017-06-19 16:09:39 266EFF5F03CC068950BE6A94B37E8C72 25780966 ----a-w- C:\Program Files (x86)\Dropbox\Client\python-packages.zip
2017-06-19 16:09:33 FCC89FED34A5FD03B27A2B577A40ACF8 45640 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-stable.sys
2017-06-19 16:09:33 FCC89FED34A5FD03B27A2B577A40ACF8 45640 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-dev.sys
2017-06-19 16:09:33 FCC89FED34A5FD03B27A2B577A40ACF8 45640 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-canary.sys
2017-06-19 16:09:33 0A9383A95D3FE631650567C9DFC17E03 35408 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-stable.sys
2017-06-19 16:09:33 0A9383A95D3FE631650567C9DFC17E03 35408 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-dev.sys
2017-06-19 16:09:33 0A9383A95D3FE631650567C9DFC17E03 35408 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-canary.sys
2017-06-17 03:47:42 CC581AFC8798F1F2CBFC779399D60333 191296228 ----a-w- C:\Dropbox\Images\Screenclips\My Scans\MetLifeBeneChange0001.zip
2017-06-17 02:57:34 F44A3CDED102D5D26B201A27302D5F6C 721672 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012756.d20050101-u050000.JPG.s727029.zip
2017-06-17 02:57:34 AD7C218C461EEC148AC7331DCBFC273E 732324 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012748.d20050101-u050000.JPG.s739321.zip
2017-06-17 02:57:34 A735933D852C5587516ABE537A0C2CD5 712469 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012751.d20050101-u050000.JPG.s721230.zip
2017-06-17 02:57:34 A70D4DB9F0A201892B1470EC9328C45A 687608 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012750.d20050101-u050000.JPG.s696419.zip
2017-06-17 02:57:34 7D517A2FCCDC0429839268FCFA2EA313 718290 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012755.d20050101-u050000.JPG.s725283.zip
2017-06-17 02:57:34 76E914EDD9DA95344428E73FB6B06E43 676188 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012749.d20050101-u050000.JPG.s684638.zip
2017-06-17 02:57:34 6F1FD8DE098C585E531F3167DDADEAF6 1379164 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012754.d20050101-u050000.MOV.s1539574.zip
2017-06-17 02:57:34 678D6E079DC83EB738485FFA12EC2C94 2132733 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012725.d20050101-u050000.MOV.s2372978.zip
2017-06-17 02:57:33 C93EFC7333E6EFC28D8515E7ADD8162E 726041 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012744.d20050101-u050000.JPG.s735095.zip
2017-06-17 02:57:33 92A1F5239DD91C4EACA0C01F23B0CB76 709471 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012742.d20050101-u050000.JPG.s719955.zip
2017-06-17 02:57:33 711845845454CBA83752CEAB694DEC1F 641567 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012747.d20050101-u050000.JPG.s649924.zip
2017-06-17 02:57:33 48B9C5E9EB1B961B521346ABBFE49F04 679304 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012746.d20050101-u050000.JPG.s687349.zip
2017-06-17 02:57:33 43B5D4285171B20A24E78050F18AA4BE 745913 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012743.d20050101-u050000.JPG.s754482.zip
2017-06-17 02:57:33 37246D37A181493635265D4CE55F9EC1 655884 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012745.d20050101-u050000.JPG.s667013.zip
2017-06-17 02:57:28 1B4F15C649C71495A37CC7B75599D712 9792 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\Thumbs.d20130522-u041835.db.s12288.zip
2017-06-17 02:55:25 CAB571A22DF1279BB6BD7110784BD42B 743623 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012732.d20050101-u050000.JPG.s750198.zip
2017-06-17 02:55:25 AE24FE1F3B048BE71235781A8B914CCC 793375 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012736.d20050101-u050000.JPG.s800773.zip
2017-06-17 02:55:25 7B16887DD304B8C4EAF634BDE2030EED 743234 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012738.d20050101-u050000.JPG.s750659.zip
2017-06-17 02:55:25 5C3D93973D99C67005AC290545B080CC 745056 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012737.d20050101-u050000.JPG.s752639.zip
2017-06-17 02:55:25 484C4217CBAB2104D74DC1E540D5B459 744503 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012733.d20050101-u050000.JPG.s753555.zip
2017-06-17 02:55:25 257CAD8F7F01FECAFEC8003EC7E168D0 742272 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012735.d20050101-u050000.JPG.s749444.zip
2017-06-17 02:55:25 0D2472A73DBB05DBACB919F36B0ACEFF 732637 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012740.d20050101-u050000.JPG.s740569.zip
2017-06-17 02:55:25 093D78A0E0DDAD16D240CD088EC286F3 758310 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012734.d20050101-u050000.JPG.s767126.zip
2017-06-17 02:55:24 D81604F93708433D72585FFA2F10FA78 742364 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012729.d20050101-u050000.JPG.s747639.zip
2017-06-17 02:55:24 BAE2F97A932840BC4D92F4FF52DC2071 714672 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012731.d20050101-u050000.JPG.s721016.zip
2017-06-17 02:55:24 936990DCA22BBCB85CE5ED039F1215EC 721140 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012724.d20050101-u050000.JPG.s749751.zip
2017-06-17 02:55:24 5739B73327BD3B9BCE8893F8A28883AE 740310 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012730.d20050101-u050000.JPG.s745462.zip
2017-06-17 02:55:24 3EAA59795416AFE42DE69B5775F38DEC 741840 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012728.d20050101-u050000.JPG.s747564.zip
2017-06-17 02:55:16 F32E971250E91ED157F915704F0652F5 651281 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012739.d20050101-u050000.JPG.s659722.zip
2017-06-17 02:55:16 EEC658D1C47341F819C03AFB53E49D6F 701432 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012741.d20050101-u050000.JPG.s713509.zip
2017-06-17 02:55:16 77628DF567192D0C50D7E6582D058140 687668 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012726.d20050101-u050000.JPG.s697773.zip
2017-06-17 02:55:16 4B54ACD362764BBD35C9D4C23F0E4A10 636438 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Dogs\2012 - Summer\P1012727.d20050101-u050000.JPG.s645549.zip
2017-06-17 02:36:02 78116EABF92183E21C13D5BF72C07337 4820197 ----a-w- C:\Dropbox\Images\Photos\Family & Friends\Ann & Jim\Jim\Advanced Photo\Initial photos\Desktop.zip
2017-06-16 17:33:08 FCC89FED34A5FD03B27A2B577A40ACF8 45640 ----a-w- C:\Windows\System32\drivers\dbx-stable.sys
2017-06-16 17:33:08 FCC89FED34A5FD03B27A2B577A40ACF8 45640 ----a-w- C:\Windows\System32\drivers\dbx-dev.sys
2017-06-16 17:33:08 FCC89FED34A5FD03B27A2B577A40ACF8 45640 ----a-w- C:\Windows\System32\drivers\dbx-canary.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2050356926-2570848730-1589625832-1106\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Pushbullet"="C:\Program Files (x86)\Pushbullet\pushbullet.exe -show false"
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BingDesktop"="C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey"
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"atom"="C:\ProgramData\SquirrelMachineInstalls\atom.exe --checkInstall"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
"Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Pushbullet"="C:\Program Files (x86)\Pushbullet\pushbullet.exe -show false"
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"RtHDVBg_MA3Firmware"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /VIENNAMA3"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SecurityHealth"="%ProgramFiles%\Windows Defender\MSASCuiL.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [04/09/2017 06:29 PM]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [04/09/2017 06:29 PM]
C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-471456211-1128354712-3898517561-1001.job --a-------- C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe [12/05/2016 01:02 PM]
C:\WINDOWS\tasks\G2MUploadTask-S-1-5-21-471456211-1128354712-3898517561-1001.job --a-------- C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe [12/05/2016 01:02 PM]
C:\WINDOWS\tasks\Macrium-Backup-{1D39F467-290C-44F6-AFBC-FF612CCC61AC}.job --a-------- C:\Program Files\Macrium\Reflect\reflect.exe [06/07/2017 09:26 AM]
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 1eca1489-d8dc-47cb-9b69-1f7079ae57be.job --a-------- C:\Program Files\SUPERAntiSpyware\SASTask.exe [11/07/2013 04:08 PM]
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3b88d034-aced-4806-85fe-c9b66d7437cb.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d31ca9b6-e88e-4b38-b514-66dcdc2daa58.job --a-------- C:\Program Files\SUPERAntiSpyware\SASTask.exe [11/07/2013 04:08 PM]
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dccc58fd-18f3-45e3-a58a-43ab56de83b2.job --a-------- C:\Program Files\SUPERAntiSpyware\SASTask.exe [11/07/2013 04:08 PM]
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task f556320e-6c0a-446d-a322-2dfa48b8ead3.job --a-------- C:\Program Files\SUPERAntiSpyware\SASTask.exe [11/07/2013 04:08 PM]
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [02/16/2017 02:07 AM]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\AdobeAAMUpdater-1.0-NGT-jwm4" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\WINDOWS\SysNative\tasks\CreateExplorerShellUnelevatedTask" [C:\WINDOWS\explorer.exe]
"C:\WINDOWS\SysNative\tasks\Dell SupportAssistAgent AutoUpdate" [C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\G2MUpdateTask-S-1-5-21-471456211-1128354712-3898517561-1001" [C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\4431\g2mupdate.exe]
"C:\WINDOWS\SysNative\tasks\G2MUploadTask-S-1-5-21-471456211-1128354712-3898517561-1001" [C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\4431\g2mupload.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Macrium-Backup-{1D39F467-290C-44F6-AFBC-FF612CCC61AC}" [C:\Program Files\Macrium\Reflect\reflect.exe]
"C:\WINDOWS\SysNative\tasks\Macrium-Backup-{DADDA4FC-A4D6-4AEF-BCA6-A41C7190A477}" [C:\Program Files\Macrium\Reflect\reflect.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task" [C:\Users\jwm4\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task v2" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\PCDDataUploadTask" ["uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\Dell\SupportAssist\sessionchecker.exe"]
"C:\WINDOWS\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\Dell\SupportAssist\uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\SUPERAntiSpyware Scheduled Task 1eca1489-d8dc-47cb-9b69-1f7079ae57be" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\WINDOWS\SysNative\tasks\SUPERAntiSpyware Scheduled Task 3b88d034-aced-4806-85fe-c9b66d7437cb" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\WINDOWS\SysNative\tasks\SUPERAntiSpyware Scheduled Task 60c1b5b1-2b20-4444-ad04-556611266d4c" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\WINDOWS\SysNative\tasks\SUPERAntiSpyware Scheduled Task d31ca9b6-e88e-4b38-b514-66dcdc2daa58" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\WINDOWS\SysNative\tasks\SUPERAntiSpyware Scheduled Task dccc58fd-18f3-45e3-a58a-43ab56de83b2" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\WINDOWS\SysNative\tasks\SUPERAntiSpyware Scheduled Task f556320e-6c0a-446d-a322-2dfa48b8ead3" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\WINDOWS\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{984B9A72-2F7B-46C5-B5CE-93F9E0C1B0AA}" [C:\WINDOWS\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension.15@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn" [04/12/2017 07:22 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\jwm4\AppData\Roaming\Mozilla\Firefox\Profiles\32ix0cf1.default
- Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
- EverSync - Sync bookmarks backup your favorites. - %ProfilePath%\extensions\fvdmedia@gmail.com
- MinimizeToTray revived MinTrayR - %ProfilePath%\extensions\mintrayr@tn123.ath.cx
- Regn Alarm tillegg - %ProfilePath%\extensions\rain-alarm@mdiener.de
- TableTools2 em:version1.17.1-signed em:creatorMingyi Liu em:descriptionSort search filter chart summarize copy rearrange combine and compare HTML tables em:homepageURLhttp:www.mingyi.org em:iconURLchrome:tabletools2skinttool_small.png em:optionsURLchrome:tabletools2contenttabletoolsOptions.xul em:aboutURLchrome:tabletools2contentabout.xul em:contributorTT2 Charting function uses the canvasXpress package by Isaac Neuhaus - %ProfilePath%\extensions\tabletools2@mingyi.org
- TooManyTabs - %ProfilePath%\extensions\TooManyTabs@visibotech.com
- Zotero Word for Windows Integration - %ProfilePath%\extensions\zoteroWinWordIntegration@zotero.org
- Forecastfox - %ProfilePath%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
- FireShot - %ProfilePath%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
- Autocopy - %ProfilePath%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
- IE Tab 2 FF 3.6 - %ProfilePath%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
- ColorZilla - %ProfilePath%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
- Nightly Tester Tools - %ProfilePath%\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
- ViewSourceWith - %ProfilePath%\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
- Add Bookmark Here - %ProfilePath%\extensions\abhere2@moztw.org.xpi
- about:addons-memory - %ProfilePath%\extensions\about-addons-memory@tn123.org.xpi
- Roomy Bookmarks Toolbar - %ProfilePath%\extensions\ALone-live@ya.ru.xpi
- AutoCopy 2 - %ProfilePath%\extensions\autocopy2@teo.pl.xpi
- Undetermined - %ProfilePath%\extensions\cam@sdrocking.com.xpi
- checkCompatibility em:type2 em:homepageURLhttps:addons.mozilla.orgfirefoxaddoncheckcompatibility em:version1.3.1-signed em:descriptionReinstates the extensions.checkCompatibility preference. em:creatorKris Maglione em:bootstraptrue - %ProfilePath%\extensions\check-compatibility@dactyl.googlecode.com.xpi
- Undetermined - %ProfilePath%\extensions\cookieexporter@krk.xpi
- Cookie Importer - %ProfilePath%\extensions\cookieimporter@krk.xpi
- CookieKeeper - %ProfilePath%\extensions\cookiekeeper@cookiekeeper.mozdev.org.xpi
- Copy Plain Text 2 - %ProfilePath%\extensions\copyplaintext@teo.pl.xpi
- CSS Usage - %ProfilePath%\extensions\csscoverage@spaghetticoder.org.xpi
- Customizations for Adblock Plus - %ProfilePath%\extensions\customization@adblockplus.org.xpi
- Exif Viewer em:version2.00.1-signed em:type2 em:descriptionExtracts and displays the Exif Exchangeable Image File IPTC-NAAIIM International Press Telecommunications Council Newspaper Association of America Information Interchange Model and IPTC Core Adobe XMP Extensible Metadata Platform metadata as stored by digital still cameras in both local and remote JPEG images. em:creatorAlan Raskin asraskin@gmail.com em:homepageURLhttp:araskin.webs.comexifexif.html - %ProfilePath%\extensions\exif_viewer@mozilla.doslash.org.xpi
- feedly - %ProfilePath%\extensions\feedly@devhd.xpi
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi
- FireDiff - %ProfilePath%\extensions\firediff@johnjbarton.com.xpi
- Firepicker - %ProfilePath%\extensions\firepicker@thedarkone.xpi
- FireQuery - %ProfilePath%\extensions\firequery@binaryage.com.xpi
- FireRainbow - %ProfilePath%\extensions\firerainbow@hildebrand.cz.xpi
- Imgur Uploader - %ProfilePath%\extensions\giorgio@gilestro.tk.xpi
- Hide Find Bar em:version1.3.1.1-signed em:creatorJared McAteer em:descriptionHide the Find Bar after a certain interval of inactivity has elapsed. em:homepageURLhttp:hidefindbar.jaredmcateer.com em:optionsURLchrome:hidefindbarcontentoptions.xul - %ProfilePath%\extensions\hidefindbar@jaredmcateer.com.xpi
- HTML5 Notifications - %ProfilePath%\extensions\html5notifications@paxal.net.xpi
- cssUpdater - %ProfilePath%\extensions\info@cssUpdater.com.xpi
- Undetermined - %ProfilePath%\extensions\jid0-3QEpG5ls0asBzmaAcQiXOQdz7s8@jetpack.xpi
- Free Visio Viewer Mac Windows Linux - %ProfilePath%\extensions\jid0-3uZ3BaNBn8N0eej5ThAAoBGd4SA@jetpack.xpi
- Self-Destructing Cookies - %ProfilePath%\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
- Awesome screenshot: Capture and Annotate - %ProfilePath%\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
- Pushbullet - %ProfilePath%\extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi
- Reddit Enhancement Suite - %ProfilePath%\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
- Add to feedly - %ProfilePath%\extensions\jid1-YZsgHbPHarNxRg@jetpack.xpi
- DuckDuckGo Plus - %ProfilePath%\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
- Multiple Tab Handler - %ProfilePath%\extensions\multipletab@piro.sakura.ne.jp.xpi
- NoSquint - %ProfilePath%\extensions\nosquint@urandom.ca.xpi
- Omnibar - %ProfilePath%\extensions\omnibar@ajitk.com.xpi
- Pencil - %ProfilePath%\extensions\pencil@evolus.vn.xpi
- Rehost Image - %ProfilePath%\extensions\rehostimage@engy.us.xpi
- Undetermined - %ProfilePath%\extensions\restartless.restart@erikvold.com.xpi
- Menu Wizard - %ProfilePath%\extensions\s3menu@wizard.xpi
- Fox To Phone - %ProfilePath%\extensions\sendtophone@martinezdelizarrondo.com.xpi
- Undetermined - %ProfilePath%\extensions\skip_compatibility_check@sdrocking.com.xpi
- SQLite Manager - %ProfilePath%\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
- Status-4-Evar - %ProfilePath%\extensions\status4evar@caligonstudios.com.xpi
- The Addon Bar restored - %ProfilePath%\extensions\the-addon-bar@GeekInTraining-GiT.xpi
- Thumbnail Zoom Plus - %ProfilePath%\extensions\thumbnailZoom@dadler.github.com.xpi
- TinEye Reverse Image Search - %ProfilePath%\extensions\tineye@ideeinc.com.xpi
- Troubleshooter - %ProfilePath%\extensions\troubleshooter@mozilla.org.xpi
- PDF Viewer - %ProfilePath%\extensions\uriloader@pdf.js.xpi
- ViewAbout - %ProfilePath%\extensions\viewabout@rumblingedge.com.xpi
- Wappalyzer - %ProfilePath%\extensions\wappalyzer@crunchlabz.com.xpi
- Zotero - %ProfilePath%\extensions\zotero@chnm.gmu.edu.xpi
- CSSsir - %ProfilePath%\extensions\{0103572f-d20f-4039-9eaa-ded7c4a97124}.xpi
- Toolbar Buttons - %ProfilePath%\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- Trnh Qun L Phin - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
- Config Descriptions - %ProfilePath%\extensions\{1823e248-6bf4-f6f1-7901-65a68e8b6c1e}.xpi
- Image Zoom - %ProfilePath%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
- Undetermined - %ProfilePath%\extensions\{1feca320-6b4d-11df-a08a-0800200c9a66}.xpi
- Table Filter - %ProfilePath%\extensions\{2E18002D-DF43-4c65-ABCD-40D02F066D9E}.xpi
- Organize Status Bar - %ProfilePath%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}.xpi
- Undetermined - %ProfilePath%\extensions\{3669edc0-b1ad-11d8-92e7-00d09e0179f2}.xpi
- PDF Download - %ProfilePath%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
- HttpFox - %ProfilePath%\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi
- Text Link - %ProfilePath%\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
- Textarea Cache - %ProfilePath%\extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}.xpi
- Save Image in Folder - %ProfilePath%\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi
- View Source Chart - %ProfilePath%\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}.xpi
- MeasureIt - %ProfilePath%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
- YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- ReloadEvery - %ProfilePath%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
- Showcase - %ProfilePath%\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}.xpi
- Table2Clipboard - %ProfilePath%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}.xpi
- Browser View Plus PlayLink - %ProfilePath%\extensions\{9bae89f4-fe30-4710-bbed-256c9d6af2c3}.xpi
- Cookie Controller - %ProfilePath%\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi
- Undetermined - %ProfilePath%\extensions\{b6f3913d-d2e8-480c-9aca-c41d3d4c1db3}.xpi
- Modify Headers - %ProfilePath%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
- Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
- Web Developer - %ProfilePath%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
- RightToClick em:version2.9.6 em:type2 em:descriptionAllows right clicks highlighting and more where forbidden by javascript em:creatorIkrg em:contributor em:optionsURLchrome:rtccontentrtcOptions.xul em:homepageURLhttps:addons.mozilla.orgen-USfirefoxaddonrighttoclick em:iconURLchrome:rtcskinrtclogo.png - %ProfilePath%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
- Undetermined - %ProfilePath%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi
- Server Switcher - %ProfilePath%\extensions\{F7D360DC-B8F8-11DA-86BD-3EC8728786A0}.xpi
- ppna lnk i... - %ProfilePath%\extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}.xpi

==== Firefox Plugins ======================

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

Google Slides - ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Adobe Acrobat - ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Google Sheets - ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
LastPass - ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Chrome Web Store Payments - ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Magic Actions for YouTube - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif
Text URL Linker - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegfbpchoheaflicfmggkmlmcccpjpgd
ChromeAccess - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeoigbhkilbllfomkmmilbfochhlgdmh
SEOquake - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc
Google Docs - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
WUTemp extension - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\baahcllkjamainfhhdimbnipdlaeappd
Open with Microsoft Office Online Viewer - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcknfcclbcpdeopdopomkdbjmldgdeld
Adguard AdBlocker - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg
ColorZilla - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp
MEGA - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod
YouTube - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
History 2 - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp
Pushbullet - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd
Clear Cache - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn
Search by Image by Google - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
Last Tab Standing - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopnnfglheodcopccdllffcijjeenkj
Add to Wunderlist - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc
Session Buddy - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko
Adobe Acrobat - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Tabs Outliner - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl
Copytables - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdpkppgmlalfkphpibadldikjimijon
Photo Zoom for Facebook - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi
Photo Zoom for Twitter - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc
Recent History - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmkfdfomhhlonpbnpiibloacemdhjjm
Search in background tab - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikfhablannhlgejpiklhbkonjkakodf
Feedly Subscribe Button - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbbnddjfcllebfcnihfgmdplgaiejepc
Vanilla - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj
Wappalyzer - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg
Open SEO Stats - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn
SearchPreview - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo
4.1.55 - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
database.ldjson - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlhjgianpocpoppaiihmlpgcoehlhio
Video Bookmarks - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpgpmmooejhfhojndincjeonokodggj
META SEO inspector - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibkclpciafdglkjkcibmohobjkcfkaef
Tables Available to Select - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebpjdmgckacbodjpijphcplhebcmeop
bookmarks - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog
Quick Tabs - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnjfeinjfmenlddahdjdmgpbokiacbbb
Reddit Enhancement Suite - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
Zoom - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd
mobile browser emulator - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbofcampnkjmiomohpbaihdcbjhbfepf
Image Backtrace - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\llegpclcdlmjgegelelbbddjcpbhdfbm
Extensions Manager (aka Switcher) - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc
Flashcontrol - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
Copy as plain text - amaz.ing - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkkcgjeddgdnikkeoinjgbocghokolck
Cellect - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcoeiihmfepcagkdeoodgnegkddcpop
feedly Mini - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja
Save to Pocket - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Chrome Web Store Payments - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
It appears you are not connected to the internet. Your tags will be read only until you are connected. - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb
ColorPick Eyedropper - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg
Black and White - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\onpphpnfgidbadcijndjfiecbbjdecop
Sorry a notebook with this name already exists. - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc
Gmail - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
RightToCopy - jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmcimdddlobkphnofejmeidjblideca

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [atom] C:\ProgramData\SquirrelMachineInstalls\atom.exe --checkInstall
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Pushbullet] "C:\Program Files (x86)\Pushbullet\pushbullet.exe" -show false
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - (no file)
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - (no file)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.newgroundtech.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local.newgroundtech.com
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem70.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\WINDOWS\SysWOW64\esif_uf.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GlassWire Control Service (GlassWire) - SecureMix LLC - C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @oem166.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
O23 - Service: Intel® Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Logitech Solar Keyboard Service (L4301_Solar) - Logitech, Inc. - C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Macrium Service (MacriumService) - Paramount Software UK Ltd - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Multiplicity Service (Multiplicity) - Stardock Software, Inc - C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiSrv.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - CyberLink - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Stardock Start10 (Start10) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vmcompute.exe,-100 (vmcompute) - Unknown owner - C:\WINDOWS\system32\vmcompute.exe (file missing)
O23 - Service: @%systemroot%\system32\vmms.exe,-10 (vmms) - Unknown owner - C:\WINDOWS\system32\vmms.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jwm4\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\jwm4\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\jwm4\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\jwm4\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF6358.tmp will be deleted at reboot
C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF63B7.tmp will be deleted at reboot
C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF63B8.tmp will be deleted at reboot
C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF63D8.tmp will be deleted at reboot
C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF63D9.tmp will be deleted at reboot
C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF63EA.tmp will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=724 folders=913 1776890792 bytes)

==== Empty Temp Folders ======================

C:\Users\jwm4\AppData\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\JWM4~1.LOC\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF6358.tmp" not found
"C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF63B7.tmp" not found
"C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF63B8.tmp" not found
"C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF63D8.tmp" not found
"C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF63D9.tmp" not found
"C:\Users\jwm4.LOCAL\AppData\Local\Microsoft\Windows\INetCache\IE\WPF63EA.tmp" not found
"C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted

==== EOF on Thu 06/22/2017 at  1:01:26.58 ======================


Edited by jwm4, 22 June 2017 - 02:52 AM.


#5 jwm4

Posted 22 June 2017 - 02:56 AM

RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : jwm4 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 06/22/2017 01:34:12 (Duration : 00:29:39)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] \G2MUpdateTask-S-1-5-21-471456211-1128354712-3898517561-1001 -- C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\4431\g2mupdate.exe -> Found
[Suspicious.Path] \G2MUploadTask-S-1-5-21-471456211-1128354712-3898517561-1001 -- C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\4431\g2mupload.exe -> Found
[Suspicious.Path] \OneDrive Standalone Update Task -- C:\Users\jwm4\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Zoom [lajondecmobodlejlcjllhojikagldgd] -> Found
[PUM.HomePage][Chrome:Config] Default : homepage [http://mybrowserpage.com/] -> Found
[PUM.HomePage][Chrome:Config] Default : session.startup_urls [https://www.startpage.com/] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SSD SM841 mSATA 512GB +++++
--- User ---
[MBR] e9eb9c397e76e9c3942a43ec468fde1b
[BSP] 9e26c1022daa5ff2c385ed9b63b4e443 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 487090 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 998588416 | Size: 792 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Dell USB Portable HDD SCSI Disk Device +++++
--- User ---
[MBR] 7e3c450711309c46647d6f8ee82eb248
[BSP] 8ac843cd5282489942dc3c4bbeb38da2 : Empty|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )



#6 jwm4


Posted 22 June 2017 - 02:58 AM

Had to use bottom "reply" window. One at top would not work (save changes failed multiple times). 

 

Malware still operative. In fact, clicking on bleepingcomputer.com forum pages triggers it in Chrome. Haven't seen it ever in IE or Edge, but I don't use IE at all, and Edge very infrequently. I use Vivaldi (chromium based) on the other PC a good bit and have never experienced the malware in it either. Only Chrome.


Edited by jwm4, 22 June 2017 - 03:00 AM.


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 33,546 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:48 AM

Posted 22 June 2017 - 10:33 AM

Hi Jim,

Thanks for the detailed description.

Yes, we are only working on one computer.

Did you set these homepages? 

[PUM.HomePage][Chrome:Config] Default : homepage [http://mybrowserpage.com/] -> Found
[PUM.HomePage][Chrome:Config] Default : session.startup_urls [https://www.startpage.com/] -> Found


Please do this.

===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type in chrome --disable-extensions and press Enter
  • Check the browser behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Homepages?
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#8 jwm4


Posted 22 June 2017 - 10:54 AM

No, I did not set those homepages. Chrome homepage was set to NewTab with no home page. I recently (week or two ago) confirmed that, so this is a very recent malware induced change. 
 
 
No presenting adware/malware after loading Chrome with no extensions, but that doesn't mean it's gone. Have previously eliminated it temporarily using Adwcleaner and via Chrome reset, only to have it return within a few hours or days. 

Edited by jwm4, 22 June 2017 - 11:06 AM.


#9 jwm4


Posted 22 June 2017 - 11:05 AM

As I believe I mentioned in initial post, I've previously reset Chrome on both PCs, deleted all Chrome folders (C:\Program Files (x86)\Google\Chrome, C:\Users\myuseraccount\AppData\Local\Google\Chrome, C:\Users\myuseraccount\AppData\Roaming\Google\Chrome), restarted PCs, confirmed no Chrome folders\data remains, reinstalled Chrome, manually reinstalled desired extensions. Would that not do the same as disabling extensions, or do you think one of the extensions I have been using is the culprit?

 

Interestingly, I've installed most of those extensions in the Vivaldi browser, but never experience the adware in it.



#10 Oh My!


Posted 22 June 2017 - 11:18 AM

Hi Jim,
 

"or do you think one of the extensions I have been using is the culprit?"

This is what I suspect.

Let's start with this.

===================================================

RogueKiller Selecting Deletions

--------------------
  • Close any open programs
  • Please disconnect any USB or external drives from the computer before you run the scan
  • Right click on the RogueKiller icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click Scan
  • When the Status box shows Scan Finished place a check mark in the following and select Delete

[PUP.Gen0][Chrome:Addon] Default : Zoom [lajondecmobodlejlcjllhojikagldgd] -> Found
[PUM.HomePage][Chrome:Config] Default : homepage [http://mybrowserpage.com/] -> Found
[PUM.HomePage][Chrome:Config] Default : session.startup_urls [https://www.startpage.com/] -> Found

  • Click Report
  • Copy and paste the contents of the report in your reply
  • Launch Chrome normally and check the behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log
  • Chrome?

Gary
 

#11 jwm4


Posted 22 June 2017 - 02:58 PM

RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : jwm4 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/22/2017 12:42:00 (Duration : 00:29:02)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2050356926-2570848730-1589625832-1106\Software\Microsoft\Internet Explorer\Main | Start Page : about:NewsFeed  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2050356926-2570848730-1589625832-1106\Software\Microsoft\Internet Explorer\Main | Start Page : about:NewsFeed  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
 
¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] \G2MUpdateTask-S-1-5-21-471456211-1128354712-3898517561-1001 -- C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\4431\g2mupdate.exe -> Not selected
[Suspicious.Path] \G2MUploadTask-S-1-5-21-471456211-1128354712-3898517561-1001 -- C:\Users\jwm4\AppData\Local\Citrix\GoToMeeting\4431\g2mupload.exe -> Not selected
[Suspicious.Path] \OneDrive Standalone Update Task -- C:\Users\jwm4\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe -> Not selected
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Zoom [lajondecmobodlejlcjllhojikagldgd] -> Deleted
[PUM.HomePage][Chrome:Config] Default : session.startup_urls [https://www.startpage.com/] -> ERROR [0]
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SSD SM841 mSATA 512GB +++++
--- User ---
[MBR] e9eb9c397e76e9c3942a43ec468fde1b
[BSP] 9e26c1022daa5ff2c385ed9b63b4e443 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 487090 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 998588416 | Size: 792 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Dell USB Portable HDD SCSI Disk Device +++++
--- User ---
[MBR] 7e3c450711309c46647d6f8ee82eb248
[BSP] 8ac843cd5282489942dc3c4bbeb38da2 : Empty MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
Opened Chrome and got an error msg stating that profile is corrupted. Started to log back into my Google Apps based Google domain email acct and it occurred to me that if I do, those PUM/PUPs are going to be downloaded again to this PC. How do I get those settings out of the "master" profile? Eliminate them from each PC that I use using Rogue Killer? In addition to these two primary PCs, there are a couple of others (wife's and an old Windows 8.1 machine that I can't upgrade and only use infrequently) that I occasionally use, with the same Google Apps domain email acct being the default profile for Chrome on each.
 
Seems like the lesson from this is that Google sync'd profile accounts are somewhat of a "safe haven" for malware to reside. If removed from the machine, it comes right back as soon as the profile is resync'd. So clearing/cleaning the profile is essential, yet I'm not sure it's really possible to completely clean it. There are other PCs at family members' homes where I might have logged into my Google account using a Chrome browser to make all my time-saving Chrome customizations available if doing work while staying at their homes. So, any Chrome user with an infected Google Apps profile would have to be very careful to clean any machine before logging into and resyncing that profile?

Edited by jwm4, 22 June 2017 - 03:14 PM.


#12 jwm4


Posted 22 June 2017 - 03:18 PM

Chrome working ok with no user profile on cleaned machine. On other machine that we haven't cleaned, I've logged out of that sync'd profile.  Using Chrome with no profile on "dirty" machine, it seems to work ok. 

 

It now makes sense why the Vivaldi chromium-based browser never had adware/malware - not sync'd to Google Apps account profile!



#13 Oh My!


Posted 22 June 2017 - 03:38 PM

Greetings Jim.

When you say working with no user profile are you referring to disabling the sync feature? You still have your extensions and bookmarks, etc. even though you disabled the sync feature, correct?
Gary
 

#14 jwm4


Posted 22 June 2017 - 03:56 PM

I guess there's the option to log into the local Chrome profile and not sync it, but that eliminates a lot of the benefits of common extensions, settings, and history. Until this year, I kept a sync'd short whitelist of cookies for regularly visited sites, but adware and loss of privacy have convinced me that's a security risk/privacy invasion not worth taking. This PUM/PUP has to be stored in that sync'd Google App profile as well as the local profiles, don't you think? 


Edited by jwm4, 22 June 2017 - 03:59 PM.


#15 Oh My!


Posted 22 June 2017 - 04:39 PM

Thanks for your patience while I tested some things.

I don't routinely use Chrome but only launch it for testing purposes. Generally speaking here is how I approach a potential extension issue compounded by the sync function that reintroduces either a malicious or corrupt extension. I quickly played with Chrome to see if this seems to work, which it does.

On your current computer:

  • Disable the sync within the browser
  • Go to Google Dashboard, signing in with the user profile having issues
  • Click Reset Sync which should clear out all synced data on the Google Server
  • Address whatever issues there may be in the un-synced browser, i.e. get to where the browser functions appropriately
  • From within the Chrome browser Settings page Sign into Chrome with the same user profile
  • The browser should sync to the Google Server with a clean copy of information

-----

Now regarding the profiles on other computers, these are my thoughts:

  • I would log in while disconnected from the Internet
  • Launch Chrome
  • Go to the Settings screen and Disconnect your Google Account, additionally clearing all Data
  • Go to the Extensions page and delete all Extensions
  • Close Chrome browser
  • Using Windows Explorer navigate to C:\Users\jwm4\AppData\Local\Google\Chrome\User Data\Default\Extensions and remove any remaining Extensions
  • Connect to the Internet
  • Launch Chrome
  • On the Settings page click Sign in to Chrome
  • Once you are signed in click OK, GOT IT to sync the fresh data

Let me know your thoughts or the results.


Edited by Oh My!, 22 June 2017 - 04:43 PM.

Gary
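
An added example, not part of the thread or of any tool mentioned in it: a read-only Python audit of a Chrome profile folder that reports the homepage, session.startup_urls and each extension's ID, name and permissions, so the entries RogueKiller flagged can be checked on every machine before signing back in to sync. The Preferences key names and the Extensions/<id>/<version>/manifest.json layout are assumptions about Chrome's on-disk format, and the sample profile is constructed from the values in the log above.

```python
import json
import tempfile
from pathlib import Path


def audit_profile(profile_dir):
    """Return homepage, startup URLs and installed extensions for one Chrome profile."""
    profile = Path(profile_dir)
    report = {"homepage": None, "startup_urls": [], "extensions": []}

    # Assumed layout: a JSON file named Preferences with these keys.
    prefs_file = profile / "Preferences"
    if prefs_file.is_file():
        prefs = json.loads(prefs_file.read_text(encoding="utf-8"))
        report["homepage"] = prefs.get("homepage")
        report["startup_urls"] = prefs.get("session", {}).get("startup_urls", [])

    # Assumed layout: Extensions/<32-char id>/<version>/manifest.json
    ext_root = profile / "Extensions"
    if ext_root.is_dir():
        for manifest in sorted(ext_root.glob("*/*/manifest.json")):
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                data = {}  # unreadable manifest: still report the ID
            report["extensions"].append({
                "id": manifest.parent.parent.name,
                "name": data.get("name", "<unreadable manifest>"),
                "version": data.get("version", manifest.parent.name),
                "permissions": data.get("permissions", []),
            })
    return report


def build_sample_profile(root):
    """Constructed sample: ID, name and URLs from the log; version and permissions invented."""
    profile = Path(root) / "Default"
    ext = profile / "Extensions" / "lajondecmobodlejlcjllhojikagldgd" / "1.0_0"
    ext.mkdir(parents=True)
    (ext / "manifest.json").write_text(json.dumps(
        {"name": "Zoom", "version": "1.0", "permissions": ["tabs", "<all_urls>"]}))
    (profile / "Preferences").write_text(json.dumps(
        {"homepage": "http://mybrowserpage.com/",
         "session": {"startup_urls": ["https://www.startpage.com/"]}}))
    return profile


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(json.dumps(audit_profile(build_sample_profile(tmp)), indent=2))
```

Run it against the real profile folder with Chrome closed; a homepage or startup URL you did not set, or an extension ID you do not recognise with broad permissions, is what to clear before re-enabling sync.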
 



