
adware-driven browser redirection to various PC fix sites (PC2)



#1 jwm4


Posted 26 June 2017 - 11:08 AM

This post is for the second PC on the same network as the one in the post titled "adware-driven browser redirection to various PC fix sites". Oh My! (Gary) is working with me on these issues.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by jwm4 (administrator) on ALIEN (26-06-2017 12:02:35)
Running from C:\Users\jwm4.LOCAL\Desktop
Loaded Profiles: jwm4 & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER & DefaultAppPool (Available Profiles: jwm4 & jim_000 & jwm4_000 & Administrator & jim & jwm4 & dog & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 10 Enterprise Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> Secure System
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files\Everything\Everything.exe
(Actual Tools) C:\Program Files (x86)\Actual Window Manager\LogonScreenService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Corporation) C:\Windows\System32\vmwp.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\MP2Control.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\Multipl2.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Stardock Software, Inc) C:\Program Files (x86)\EdgeRunner\Multiplicity\MP2Drag.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files\Everything\Everything.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Actual Tools) C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerShellCenter64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Sand Studio) C:\Program Files (x86)\AirDroid\AirDroid.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Spotify Ltd) C:\Users\jwm4.LOCAL\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Dell) C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Dell) C:\Program Files\Alienware\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(PC-Doctor, Inc.) C:\Program Files\Alienware\SupportAssist\uaclauncher.exe
(PC-Doctor, Inc.) C:\Program Files\Alienware\SupportAssist\uaclauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [MsmqIntCert] => "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\System32\mqrt.dll"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2016-01-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2016-01-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1832704 2015-11-24] ()
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [35216 2014-11-03] (Alienware)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-16] (Dropbox, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [73448 2017-05-02] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [2004200 2017-05-02] (Prosoftnet)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [Actual Window Manager] => C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe [2124240 2017-03-28] (Actual Tools)
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [10223408 2017-06-19] (Sand Studio)
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-20] (SUPERAntiSpyware)
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [Spotify Web Helper] => C:\Users\jwm4.LOCAL\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-23] (Spotify Ltd)
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\GlassWire.exe [5788112 2017-02-08] (SecureMix LLC)
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2017-05-02] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2017-05-02] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2017-05-02] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\jwm4.CORP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\jwm4.CORP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\jwm4.CORP\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\jwm4.CORP\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\jwm4.CORP\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\jwm4.CORP\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2016-09-29]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-05-10]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-04-15]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2017-04-20]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-04-15]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2017-04-20]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\oldjwm4.corp.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-04-16] ()
Startup: C:\Users\oldjwm4.corp.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-03-17]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\oldjwm4.corp.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2017-03-17]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\oldjwm4.corp.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Resource Monitor.lnk [2014-02-24]
ShortcutTarget: Resource Monitor.lnk -> C:\Windows\System32\resmon.exe (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.10
Tcpip\..\Interfaces\{28292216-a034-4400-b4a1-6f7be2073a33}: [NameServer] 75.75.75.75
Tcpip\..\Interfaces\{5c872d12-f763-4b25-9f21-578e897066d8}: [DhcpNameServer] 192.168.1.10
Tcpip\..\Interfaces\{6db466d7-2591-4c0a-a45b-d6d66d524bf3}: [NameServer] 192.168.1.5,192.168.1.10
Tcpip\..\Interfaces\{a3316752-c55f-4c76-b849-ae2c1ffeea3f}: [NameServer] 192.168.1.5,192.168.1.10
Tcpip\..\Interfaces\{a3316752-c55f-4c76-b849-ae2c1ffeea3f}: [DhcpNameServer] 192.168.1.5
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\Software\Microsoft\Internet Explorer\Main,Start Page = about://newtab
HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-05-10] (LastPass)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-20] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-04] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-05-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-05-10] (LastPass)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-04] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-05-10] (LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-05-10] (LastPass)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1447448657982
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
 
Edge: 
======
Edge Extension: (No Name) -> 9nblggh4x0qw_EvernoteEvernoteWebClipper_q4d96b2w5wcc2 => C:\Program Files\WindowsApps\Evernote.EvernoteWebClipper_6.12.1.0_neutral__q4d96b2w5wcc2 [2017-05-23]
Edge Extension: (No Name) -> EdgeExtension_37237honestbleepsRedditEnhancementSuite_jzcrwe0958h6m => C:\Program Files\WindowsApps\37237honestbleeps.RedditEnhancementSuite_5.4.3.0_neutral__jzcrwe0958h6m [not found]
Edge Extension: (No Name) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.12.0.0_neutral__c1wakc4j0nefm [not found]
Edge Extension: (Save to Pocket) -> EdgeExtension_PocketSavetoPocket_v63j13wrfzj3t => C:\Program Files\WindowsApps\Pocket.SavetoPocket_2.0.38.0_neutral__v63j13wrfzj3t [2017-04-05]
Edge Extension: (NAME) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.44.0_neutral__qq0fmhteeht3j [not found]
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-09-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-14]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-05-10] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-04] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-05-10] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-01] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2050356926-2570848730-1589625832-1106: @citrixonline.com/appdetectorplugin -> C:\Users\jwm4.LOCAL\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-04-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-2050356926-2570848730-1589625832-1106: @tools.google.com/Google Update;version=3 -> C:\Users\jwm4.LOCAL\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2050356926-2570848730-1589625832-1106: @tools.google.com/Google Update;version=9 -> C:\Users\jwm4.LOCAL\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\Nightly\37a1-64\firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default [2017-06-24]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-23]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-23]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-23]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-23]
CHR Extension: (Adobe Acrobat) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-23]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-23]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-06-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-06-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-23]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-23]
CHR Extension: (Chrome Media Router) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-23]
CHR Profile: C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-06-26]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-22]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-22]
CHR Extension: (WUTemp extension) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\baahcllkjamainfhhdimbnipdlaeappd [2017-06-24]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-22]
CHR Extension: (Pushbullet) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2017-06-22]
CHR Extension: (Clear Cache) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2017-06-23]
CHR Extension: (Adobe Acrobat) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-22]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-22]
CHR Extension: (Vanilla Cookie Manager) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gieohaicffldbmiilohhggbidhephnjj [2017-06-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-06-22]
CHR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2017-06-22]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbgplcfihfeioiaddclapccnefggiddn [2017-06-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-06-22]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2017-06-22]
CHR Extension: (Flashcontrol) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2017-06-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-22]
CHR Extension: (Black and White) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onpphpnfgidbadcijndjfiecbbjdecop [2017-06-23]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-06-22]
CHR Extension: (No Name) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\jwm4.LOCAL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-22]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2050356926-2570848730-1589625832-1106\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 aim_LSService; C:\Program Files (x86)\Actual Window Manager\LogonScreenService.exe [99280 2017-03-28] (Actual Tools)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2015-07-28] (Broadcom Corporation.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-06-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-10-22] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-22] (Creative Labs) [File not signed]
S3 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [112648 2015-06-19] (Creative Technology Ltd)
S3 CyberLink PowerDVD 15 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSMonitorServicePDVD15.exe [85784 2016-09-14] (CyberLink)
S3 CyberLink PowerDVD 15 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe [331544 2016-09-14] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-06] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-06-16] (Dropbox, Inc.)
R2 Dell Foundation Services; C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Alienware Update\DellUpService.exe [229376 2016-05-13] (Dell Inc.)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2013-03-12] () [File not signed]
S3 DsRoleSvc; C:\WINDOWS\system32\dsrolesrv.dll [288768 2017-06-22] (Microsoft Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [1832704 2015-11-24] ()
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4346320 2017-02-08] (SecureMix LLC)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [174312 2017-05-02] (Prosoftnet)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [17408 2017-06-22] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
S3 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-12] (Paramount Software UK Ltd)
S4 ManicTime Server; C:\Program Files (x86)\ManicTime\ManicTimeServer\ManicTimeServer.exe [82184 2013-11-13] (Finkit d.o.o.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [160256 2017-06-22] (Microsoft Corporation)
S3 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1385280 2013-12-10] (Microsoft Corp.)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2016-10-06] (Microsoft Corporation)
R2 Multiplicity; C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiSrv.exe [209216 2016-02-12] (Stardock Software, Inc)
S3 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
S3 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2467008 2015-04-20] (Microsoft Corporation)
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2016-01-07] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2016-10-06] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [220440 2017-04-12] (Stardock Software, Inc)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-25] (Dell Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [2231296 2017-06-22] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [14414336 2017-06-22] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 15.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-07-28] (Broadcom Corporation.)
U5 btwavdt; C:\Windows\System32\Drivers\btwavdt.sys [228568 2015-11-28] (Broadcom Corporation.)
R1 CLBStor; C:\Windows\System32\Drivers\CLBStor.sys [25864 2013-09-24] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [379144 2013-09-24] (CyberLink Corporation.)
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbc.sys [46944 2011-07-14] (CSR plc.)
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1058600 2015-06-19] (Creative Technology Ltd)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [37160 2015-06-19] (Creative Technology Ltd)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R2 Dokan; C:\WINDOWS\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-04-17] ()
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [25144 2013-04-11] () [File not signed]
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [22016 2017-06-22] (Microsoft Corporation)
U5 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [574424 2012-09-14] (Intel Corporation)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [23552 2017-06-22] (Microsoft Corporation)
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-06-12] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-06-12] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-06-12] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-06-13] (Malwarebytes)
R3 mio; C:\WINDOWS\System32\drivers\mio.sys [8192 2013-06-26] (Dell Inc.)
R1 MpKsle7f3de04; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D1E2DAC-8AA3-4A2F-9B83-C1BC43CED7EF}\MpKsle7f3de04.sys [44928 2017-06-26] (Microsoft Corporation)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [88504 2016-10-04] (Windows ® Win 7 DDK provider)
R3 NTFS; C:\Windows\SysWow64\Drivers\NTFS.sys [2025792 2014-10-15] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4i.inf_amd64_1854074a80c04de8\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [25088 2017-06-22] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2017-06-22] (Microsoft Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [38536 2016-05-05] ()
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Windows ® Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [51712 2017-06-22] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31232 2017-06-22] (Microsoft Corporation)
S4 RsFx0312; C:\WINDOWS\System32\DRIVERS\RsFx0312.sys [249536 2016-10-06] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 ssmirrdr; C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys [10112 2013-06-14] (support.com, Inc)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [104448 2017-06-22] (Microsoft Corporation)
R3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [31232 2017-06-22] (Microsoft Corporation)
R3 vl810filter; C:\WINDOWS\system32\DRIVERS\vl810filter.sys [17008 2011-11-17] (VIA Labs, Inc.)
R3 vmsmp; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-06-22] (Microsoft Corporation)
R2 VMSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-06-22] (Microsoft Corporation)
R0 vmsproxy; C:\WINDOWS\System32\drivers\vmsproxy.sys [33696 2017-06-22] (Microsoft Corporation)
S3 VMSVSF; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-06-22] (Microsoft Corporation)
S3 VMSVSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-06-22] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [204032 2016-10-20] (WinISO.com)
S3 WofAdk; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wofadk.sys [214720 2015-07-09] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [35344 2013-08-22] ()
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2016-09-14] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-25 14:17 - 2017-06-25 14:17 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-06-23 17:32 - 2017-06-23 17:32 - 35438416 _____ (Adlice Software ) C:\Users\jwm4.LOCAL\Desktop\RogueKiller_setup_ref3.exe
2017-06-23 17:13 - 2017-06-23 17:16 - 00112785 _____ C:\Users\jwm4.LOCAL\Desktop\Addition.txt
2017-06-23 17:12 - 2017-06-26 12:03 - 00063892 _____ C:\Users\jwm4.LOCAL\Desktop\FRST.txt
2017-06-23 17:12 - 2017-06-26 12:02 - 00000000 ____D C:\Users\jwm4.LOCAL\Desktop\FRST-OlderVersion
2017-06-22 16:15 - 2017-06-22 16:15 - 00002191 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2017-06-22 16:15 - 2017-06-22 16:15 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-06-22 12:29 - 2017-06-22 12:29 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\EdgeRunner
2017-06-22 12:29 - 2017-06-22 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EdgeRunner
2017-06-22 10:57 - 2017-06-22 10:57 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-22 08:26 - 2017-06-22 08:26 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 05776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-06-22 08:26 - 2017-06-22 08:26 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 04544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-06-22 08:26 - 2017-06-22 08:26 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02102272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-22 08:26 - 2017-06-22 08:26 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-22 08:26 - 2017-06-22 08:26 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-22 08:26 - 2017-06-22 08:26 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-22 08:26 - 2017-06-22 08:26 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-22 08:26 - 2017-06-22 08:26 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-22 08:26 - 2017-06-22 08:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-22 08:26 - 2017-06-22 08:26 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-22 08:26 - 2017-06-22 08:26 - 00000000 ____D C:\Windows.old
2017-06-22 08:25 - 2017-06-22 08:25 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 04052480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsai.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 03856896 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmchipset.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02231296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 02228120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-22 08:25 - 2017-06-22 08:25 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-22 08:25 - 2017-06-22 08:25 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01652736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01458592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00848288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00844696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-22 08:25 - 2017-06-22 08:25 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00751616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wnv.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00697760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-22 08:25 - 2017-06-22 08:25 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-22 08:25 - 2017-06-22 08:25 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-22 08:25 - 2017-06-22 08:25 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-22 08:25 - 2017-06-22 08:25 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-22 08:25 - 2017-06-22 08:25 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-22 08:25 - 2017-06-22 08:25 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-22 08:25 - 2017-06-22 08:25 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-22 08:25 - 2017-06-22 08:25 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-22 08:23 - 2017-06-22 08:23 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-22 08:23 - 2017-06-22 04:29 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-22 08:23 - 2017-03-18 02:48 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2017-06-22 08:23 - 2017-03-18 02:08 - 17777152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2017-06-22 08:23 - 2017-03-18 02:05 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2017-06-22 08:23 - 2017-03-18 02:02 - 00393216 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2017-06-22 08:23 - 2017-03-18 01:59 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2017-06-22 08:23 - 2017-03-18 01:59 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2017-06-22 08:23 - 2017-03-18 01:57 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2017-06-22 08:23 - 2017-03-18 01:53 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2017-06-22 08:23 - 2017-03-18 01:52 - 04897280 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2017-06-22 08:23 - 2017-03-18 01:49 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2017-06-22 08:23 - 2017-03-18 01:49 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2017-06-22 08:23 - 2017-03-18 01:48 - 13785600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2017-06-22 08:23 - 2017-03-18 01:47 - 06806016 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2017-06-22 08:23 - 2017-03-18 01:46 - 00370176 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2017-06-22 08:23 - 2017-03-18 01:44 - 01977344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2017-06-22 08:23 - 2017-03-18 01:44 - 01174528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2017-06-22 08:23 - 2017-03-18 01:44 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2017-06-22 08:23 - 2017-03-18 01:44 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2017-06-22 08:23 - 2017-03-18 01:43 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2017-06-22 08:23 - 2017-03-18 01:43 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2017-06-22 08:23 - 2017-03-18 01:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2017-06-22 08:23 - 2017-03-18 01:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2017-06-22 08:23 - 2017-03-18 01:41 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2017-06-22 08:23 - 2017-03-18 01:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2017-06-22 08:23 - 2017-03-18 01:38 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2017-06-22 08:23 - 2017-03-18 01:35 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2017-06-22 08:23 - 2017-03-18 01:35 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2017-06-22 08:23 - 2017-03-18 01:33 - 05141504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2017-06-22 08:23 - 2017-03-18 01:33 - 03648000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2017-06-22 08:23 - 2017-03-18 01:30 - 01480704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2017-06-22 08:23 - 2017-03-18 01:30 - 00926208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2017-06-22 08:23 - 2017-03-18 01:30 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2017-06-22 08:23 - 2017-03-18 01:30 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2017-06-22 08:23 - 2017-03-18 01:29 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2017-06-22 08:23 - 2017-03-18 01:29 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2017-06-22 08:23 - 2017-03-18 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2017-06-22 08:21 - 2017-06-26 06:01 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-06-22 08:21 - 2017-06-22 08:26 - 00000000 ____D C:\Program Files\Hyper-V
2017-06-22 08:21 - 2017-06-22 08:21 - 00000000 ___SD C:\WINDOWS\system32\containers
2017-06-22 08:21 - 2017-06-22 08:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2017-06-22 08:21 - 2017-06-22 08:21 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-06-22 08:21 - 2017-06-22 08:21 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-06-22 08:21 - 2017-06-22 08:21 - 00000000 ____D C:\WINDOWS\ADAM
2017-06-22 08:21 - 2017-06-22 08:21 - 00000000 ____D C:\Program Files\Windows Identity Foundation
2017-06-22 08:21 - 2017-06-22 08:21 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-22 08:21 - 2017-06-22 08:21 - 00000000 ____D C:\Program Files\MSBuild
2017-06-22 08:21 - 2017-06-22 08:21 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-22 08:21 - 2017-06-22 08:21 - 00000000 ____D C:\inetpub
2017-06-22 08:21 - 2017-06-22 04:43 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-22 08:20 - 2017-06-22 08:20 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-22 08:20 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-22 08:20 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-22 08:20 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-22 08:20 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-22 08:20 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-22 08:20 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-22 06:00 - 2017-06-22 06:00 - 00000020 ___SH C:\Users\jwm4.LOCAL\ntuser.ini
2017-06-22 05:17 - 2017-06-22 05:17 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-22 05:15 - 2017-06-22 05:16 - 00068583 _____ C:\WINDOWS\diagwrn.xml
2017-06-22 05:15 - 2017-06-22 05:16 - 00068583 _____ C:\WINDOWS\diagerr.xml
2017-06-22 05:14 - 2017-06-24 15:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-22 05:14 - 2017-06-22 16:15 - 00003580 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-06-22 05:14 - 2017-06-22 10:59 - 00003268 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 05:14 - 2017-06-22 05:14 - 00003928 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{8613AEB2-9237-40E1-9DAC-D54DAB0E28AD}
2017-06-22 05:14 - 2017-06-22 05:14 - 00003764 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-22 05:14 - 2017-06-22 05:14 - 00003554 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{25FBB203-14E8-4D0C-8DC1-A6AE2216304B}
2017-06-22 05:14 - 2017-06-22 05:14 - 00003548 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{96359232-69F9-4EE0-912B-402137A08055}
2017-06-22 05:14 - 2017-06-22 05:14 - 00003532 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2050356926-2570848730-1589625832-1106UA
2017-06-22 05:14 - 2017-06-22 05:14 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-06-22 05:14 - 2017-06-22 05:14 - 00003472 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{2E812EBD-38B6-4AC7-9893-2D2241B6FE5C}
2017-06-22 05:14 - 2017-06-22 05:14 - 00003430 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-06-22 05:14 - 2017-06-22 05:14 - 00003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-22 05:14 - 2017-06-22 05:14 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-22 05:14 - 2017-06-22 05:14 - 00003322 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{33E67A0C-254F-477D-A6EE-E6BCA83A02CE}
2017-06-22 05:14 - 2017-06-22 05:14 - 00003320 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task fbace1da-2c98-42ad-b371-8573ae68902e
2017-06-22 05:14 - 2017-06-22 05:14 - 00003318 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{64CF9195-6F2E-41B8-BCBE-6E8E9114C762}
2017-06-22 05:14 - 2017-06-22 05:14 - 00003280 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 8fc0444d-1d66-4d1c-a083-5dde884b45c3
2017-06-22 05:14 - 2017-06-22 05:14 - 00003276 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-06-22 05:14 - 2017-06-22 05:14 - 00003264 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2050356926-2570848730-1589625832-1106Core
2017-06-22 05:14 - 2017-06-22 05:14 - 00003244 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{453EF759-E6CA-4600-8D14-6071FE3C8FA3}
2017-06-22 05:14 - 2017-06-22 05:14 - 00003236 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{8C7B9A6C-82FA-4BC1-8356-98F4870E6853}
2017-06-22 05:14 - 2017-06-22 05:14 - 00003206 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-06-22 05:14 - 2017-06-22 05:14 - 00003184 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-06-22 05:14 - 2017-06-22 05:14 - 00003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-22 05:14 - 2017-06-22 05:14 - 00003132 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-22 05:14 - 2017-06-22 05:14 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-22 05:14 - 2017-06-22 05:14 - 00003106 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task a059080b-5f28-4554-ab0e-2c283b82c72c
2017-06-22 05:14 - 2017-06-22 05:14 - 00003084 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 72603656-63ec-4a8c-b6f0-d7eeab3c7a29
2017-06-22 05:14 - 2017-06-22 05:14 - 00003066 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 463f54ed-129a-4aed-a5fa-85d5833fbd61
2017-06-22 05:14 - 2017-06-22 05:14 - 00003044 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d6441c29-0659-49fd-9da7-4475d5c13fff
2017-06-22 05:14 - 2017-06-22 05:14 - 00002998 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2017-06-22 05:14 - 2017-06-22 05:14 - 00002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-22 05:14 - 2017-06-22 05:14 - 00002982 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{418C1245-CBC7-4613-8B6A-F22927BDD6AE}
2017-06-22 05:14 - 2017-06-22 05:14 - 00002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-22 05:14 - 2017-06-22 05:14 - 00002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-22 05:14 - 2017-06-22 05:14 - 00002880 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2017-06-22 05:14 - 2017-06-22 05:14 - 00002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-22 05:14 - 2017-06-22 05:14 - 00002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-22 05:14 - 2017-06-22 05:14 - 00002772 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2017-06-22 05:14 - 2017-06-22 05:14 - 00002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-22 05:14 - 2017-06-22 05:14 - 00002738 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-LOCAL-jwm4
2017-06-22 05:14 - 2017-06-22 05:14 - 00002534 _____ C:\WINDOWS\System32\Tasks\SamsungMagician
2017-06-22 05:14 - 2017-06-22 05:14 - 00002524 _____ C:\WINDOWS\System32\Tasks\DeviceDetector7
2017-06-22 05:14 - 2017-06-22 05:14 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-06-22 05:14 - 2017-06-22 05:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\Western Digital
2017-06-22 05:02 - 2017-06-22 05:02 - 00000020 ___SH C:\Users\SQLSERVERAGENT\ntuser.ini
2017-06-22 05:01 - 2017-06-22 05:01 - 00000020 ___SH C:\Users\MSSQLSERVER\ntuser.ini
2017-06-22 05:01 - 2017-06-22 05:01 - 00000020 ___SH C:\Users\MSSQLFDLauncher\ntuser.ini
2017-06-22 04:57 - 2017-06-22 04:57 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-22 04:40 - 2017-06-22 04:40 - 00000000 ____D C:\ProgramData\USOShared
2017-06-22 04:37 - 2017-06-22 04:58 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-22 04:32 - 2017-06-25 14:17 - 00000000 ____D C:\Users\DefaultAppPool
2017-06-22 04:32 - 2017-06-24 15:07 - 01309286 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-22 04:32 - 2017-06-24 15:01 - 00000000 ____D C:\Users\jwm4.LOCAL
2017-06-22 04:32 - 2017-06-22 05:13 - 00000000 ____D C:\Users\SQLSERVERAGENT
2017-06-22 04:32 - 2017-06-22 05:13 - 00000000 ____D C:\Users\MSSQLSERVER
2017-06-22 04:32 - 2017-06-22 05:13 - 00000000 ____D C:\Users\MSSQLFDLauncher
2017-06-22 04:32 - 2017-06-22 05:13 - 00000000 ____D C:\Users\Classic .NET AppPool
2017-06-22 04:32 - 2017-06-22 05:13 - 00000000 ____D C:\Users\Administrator.alien
2017-06-22 04:32 - 2017-06-22 05:13 - 00000000 ____D C:\Users\.NET v4.5 Classic
2017-06-22 04:32 - 2017-06-22 05:13 - 00000000 ____D C:\Users\.NET v4.5
2017-06-22 04:32 - 2017-06-22 05:12 - 00000000 ____D C:\Users\jim.LOCAL
2017-06-22 04:32 - 2017-06-22 05:03 - 00000000 ____D C:\Users\ReportServer
2017-06-22 04:32 - 2017-06-22 05:03 - 00000000 ____D C:\Users\dog
2017-06-22 04:32 - 2017-06-22 05:02 - 00000000 ____D C:\Users\jwm4_000
2017-06-22 04:32 - 2017-06-22 05:02 - 00000000 ____D C:\Users\jwm4
2017-06-22 04:32 - 2017-06-22 05:02 - 00000000 ____D C:\Users\jim_000
2017-06-22 04:32 - 2017-06-22 05:02 - 00000000 ____D C:\Users\.NET v2.0 Classic
2017-06-22 04:32 - 2017-06-22 05:02 - 00000000 ____D C:\Users\.NET v2.0
2017-06-22 04:32 - 2017-06-22 04:32 - 01036776 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\SQLSERVERAGENT\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\ReportServer\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\MSSQLSERVER\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\MSSQLFDLauncher\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\jwm4_000\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\jwm4\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\jwm4.LOCAL\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\jim_000\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\jim.LOCAL\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\dog\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\Classic .NET AppPool\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\Administrator.alien\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\.NET v4.5\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\.NET v2.0\My Documents
2017-06-22 04:32 - 2017-06-22 04:32 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\My Documents
2017-06-22 04:31 - 2017-06-22 04:43 - 00000000 ____D C:\Users\Public\Creative
2017-06-22 04:30 - 2017-06-25 12:25 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-22 04:30 - 2017-06-22 04:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-22 04:30 - 2017-06-22 04:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-22 04:30 - 2017-06-22 04:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-22 04:30 - 2017-06-22 04:31 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-06-22 04:30 - 2017-06-22 04:30 - 00849474 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2017-06-22 04:30 - 2017-06-22 04:30 - 00165026 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2017-06-22 04:30 - 2017-06-22 04:30 - 00031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2017-06-22 04:30 - 2017-06-22 04:30 - 00010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2017-06-22 04:30 - 2017-06-22 04:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-06-22 04:30 - 2017-06-22 04:30 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-06-22 04:30 - 2017-06-22 04:30 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-06-22 04:30 - 2017-06-22 04:30 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-06-22 04:30 - 2017-06-22 04:30 - 00000000 ____D C:\Program Files\Realtek
2017-06-22 04:30 - 2017-05-18 01:55 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-06-22 04:30 - 2017-05-18 01:48 - 06437824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-06-22 04:30 - 2017-05-18 01:48 - 02479736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-06-22 04:30 - 2017-05-18 01:48 - 01762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-06-22 04:30 - 2017-05-18 01:48 - 00548984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-06-22 04:30 - 2017-05-18 01:48 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-06-22 04:30 - 2017-05-18 01:48 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-06-22 04:30 - 2017-05-18 01:48 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-06-22 04:30 - 2017-05-16 14:09 - 07993157 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-06-22 04:30 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-22 04:29 - 2017-06-26 11:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-22 04:29 - 2017-06-22 12:20 - 05118328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-21 22:34 - 2017-06-21 22:34 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\ISESteroids
2017-06-19 12:30 - 2017-06-22 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-16 13:33 - 2017-06-16 13:33 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-16 13:33 - 2017-06-16 13:33 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-16 13:33 - 2017-06-16 13:33 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-16 13:33 - 2017-06-16 13:33 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-15 22:47 - 2017-06-26 12:02 - 02441216 _____ (Farbar) C:\Users\jwm4.LOCAL\Desktop\FRST64.exe
2017-06-14 21:09 - 2017-06-22 10:56 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-14 20:59 - 2017-06-14 20:59 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 20:21 - 2017-06-22 04:58 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-14 20:21 - 2017-06-14 20:23 - 00000000 ____D C:\Program Files\UNP
2017-06-14 00:12 - 2017-06-03 05:18 - 00303104 _____ C:\WINDOWS\system32\OverlayHNSPlugin.dll
2017-06-13 23:06 - 2017-06-22 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-06-13 17:15 - 2017-06-13 17:15 - 00001110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2017.lnk
2017-06-12 20:26 - 2017-06-22 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2017-06-12 20:26 - 2017-06-22 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-06-12 20:26 - 2017-06-12 20:26 - 00000000 ____D C:\Program Files\CCleaner
2017-06-08 13:24 - 2017-06-08 13:24 - 00001263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-06-02 09:25 - 2017-06-22 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2017-06-01 18:43 - 2017-06-01 18:43 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Google
2017-06-01 13:51 - 2017-06-22 05:01 - 00002309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-31 22:57 - 2017-05-31 22:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-31 22:57 - 2017-05-18 01:21 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-05-31 22:57 - 2017-03-10 17:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-31 22:57 - 2017-03-10 17:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-31 22:57 - 2017-03-10 17:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-31 22:57 - 2017-03-10 17:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-31 22:52 - 2017-05-18 03:35 - 40201848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 35390072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 35282040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 28624504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 11056456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 11028664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 10551072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 09248144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 09014976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 08808488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 04114248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 03797112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 03624784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 03256440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438233.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 01606592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438233.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 01600560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 01278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 01056704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00993912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00964032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00914880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00775864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00688968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00612272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00583800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00218040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-05-31 22:52 - 2017-05-18 03:35 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-05-31 22:52 - 2017-05-18 03:35 - 00046008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-05-31 22:52 - 2017-05-18 03:35 - 00045061 _____ C:\WINDOWS\system32\nvinfo.pb
2017-05-31 22:52 - 2017-05-18 03:35 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-05-31 22:52 - 2017-05-18 03:35 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-05-31 22:16 - 2017-05-03 16:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-05-31 22:16 - 2017-05-03 16:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-05-31 22:16 - 2017-05-03 16:21 - 00048248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-05-31 22:12 - 2017-06-13 23:06 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\Google
2017-05-28 15:35 - 2017-05-28 15:35 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\GlassWire
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-26 12:02 - 2017-04-28 16:31 - 00000000 ____D C:\FRST
2017-06-26 11:30 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-26 10:44 - 2013-01-31 18:00 - 00000144 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-06-26 06:01 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-06-26 01:18 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-25 15:32 - 2017-04-15 15:37 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\Adobe
2017-06-25 02:53 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-24 15:02 - 2015-08-07 23:44 - 00191826 __RSH C:\ProgramData\ntuser.pol
2017-06-24 15:02 - 2013-02-10 03:02 - 00000000 ____D C:\ProgramData\PCDr
2017-06-24 15:01 - 2015-07-31 14:53 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-06-24 14:59 - 2017-04-15 18:57 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Everything
2017-06-24 14:59 - 2017-04-15 18:57 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\Everything
2017-06-24 14:59 - 2017-03-18 07:40 - 02097152 _____ C:\WINDOWS\system32\config\BBI
2017-06-24 12:56 - 2017-05-03 21:26 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Spotify
2017-06-23 23:55 - 2017-05-03 21:27 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\Spotify
2017-06-23 10:53 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-23 04:24 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-22 21:36 - 2017-04-19 17:12 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\Pushbullet
2017-06-22 16:15 - 2017-04-24 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2017-06-22 15:43 - 2017-04-28 16:42 - 00000000 ____D C:\AdwCleaner
2017-06-22 12:29 - 2014-03-06 23:42 - 00000000 ____D C:\Program Files (x86)\EdgeRunner
2017-06-22 12:29 - 2014-02-13 04:52 - 00000000 ____D C:\ProgramData\EdgeRunner
2017-06-22 12:17 - 2015-12-02 15:11 - 00000000 ____D C:\Program Files (x86)\Digify
2017-06-22 11:12 - 2017-04-15 15:36 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\Packages
2017-06-22 11:00 - 2017-04-17 23:05 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-06-22 10:59 - 2017-04-15 15:37 - 00002421 _____ C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 10:59 - 2017-04-15 15:37 - 00000000 ___RD C:\Users\jwm4.LOCAL\OneDrive
2017-06-22 10:57 - 2017-04-15 15:36 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\ConnectedDevicesPlatform
2017-06-22 10:56 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-22 10:56 - 2013-02-11 02:26 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-22 08:28 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-22 08:26 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-22 08:26 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-22 08:26 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-22 08:26 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-22 08:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-22 08:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-22 08:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-22 08:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-22 08:26 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-22 08:26 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-22 08:26 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-22 08:21 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\schemas
2017-06-22 08:21 - 2017-03-18 17:00 - 00423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcdiag.exe
2017-06-22 08:21 - 2017-03-18 17:00 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsrolesrv.dll
2017-06-22 08:21 - 2017-03-18 17:00 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\repadmin.exe
2017-06-22 08:21 - 2017-03-18 17:00 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsdbutil.exe
2017-06-22 08:21 - 2017-03-18 17:00 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsatq.dll
2017-06-22 08:21 - 2017-03-18 17:00 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDEWSProxy.DLL
2017-06-22 08:21 - 2017-03-18 17:00 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsacls.exe
2017-06-22 08:21 - 2017-03-18 17:00 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\csvde.exe
2017-06-22 08:21 - 2017-03-18 17:00 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdsperf.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 14414336 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2017-06-22 08:21 - 2017-03-18 16:59 - 04525568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvgm.exe
2017-06-22 08:21 - 2017-03-18 16:59 - 02008248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2017-06-22 08:21 - 2017-03-18 16:59 - 01570212 _____ C:\WINDOWS\system32\WindowsVirtualization.V2.mof
2017-06-22 08:21 - 2017-03-18 16:59 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 01261568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmemulateddevices.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 01149404 _____ C:\WINDOWS\system32\WindowsHyperVCluster.V2.mof
2017-06-22 08:21 - 2017-03-18 16:59 - 01129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Windows.Smc.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 01007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\adprop.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2017-06-22 08:21 - 2017-03-18 16:59 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsiedit.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedStorage.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvdev.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00341512 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsmgmt.exe
2017-06-22 08:21 - 2017-03-18 16:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqtrig.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthfcvdev.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2017-06-22 08:21 - 2017-03-18 16:59 - 00144380 _____ C:\WINDOWS\system32\adsiedit.msc
2017-06-22 08:21 - 2017-03-18 16:59 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\HgsClientWmi.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmtpm.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00135424 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsp.exe
2017-06-22 08:21 - 2017-03-18 16:59 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-06-22 08:21 - 2017-03-18 16:59 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCG.exe
2017-06-22 08:21 - 2017-03-18 16:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-06-22 08:21 - 2017-03-18 16:59 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ldifde.exe
2017-06-22 08:21 - 2017-03-18 16:59 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDRCWSProxy.DLL
2017-06-22 08:21 - 2017-03-18 16:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-06-22 08:21 - 2017-03-18 16:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2017-06-22 08:21 - 2017-03-18 16:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqise.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\HyperVSysprepProvider.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-06-22 08:21 - 2017-03-18 16:59 - 00036696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbresources.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00033614 _____ C:\WINDOWS\system32\ScanManagement.msc
2017-06-22 08:21 - 2017-03-18 16:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ramparser.sys
2017-06-22 08:21 - 2017-03-18 16:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvgmProxy.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvGpuInfo.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2017-06-22 08:21 - 2017-03-18 16:59 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcomputeeventlog.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RdvgmProxy.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-06-22 08:21 - 2017-03-18 16:59 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-06-22 08:21 - 2017-03-18 16:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostGuardianServiceClientResources.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00012192 _____ (Microsoft Corporation) C:\WINDOWS\system32\e517e4cd-0fde-406b-b1cf-56cd97edd483_hyperv.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-06-22 08:21 - 2017-03-18 16:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-06-22 08:21 - 2017-03-18 16:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-06-22 08:21 - 2017-03-18 16:56 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2017-06-22 08:21 - 2017-03-18 16:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-06-22 08:21 - 2017-03-18 16:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-06-22 08:21 - 2017-03-18 16:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-06-22 08:21 - 2017-03-18 16:56 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsp.sys
2017-06-22 08:21 - 2017-03-18 16:56 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcip.sys
2017-06-22 08:20 - 2017-03-18 17:00 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SMCNative.dll
2017-06-22 08:20 - 2017-03-18 17:00 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdskcc.dll
2017-06-22 08:20 - 2017-03-18 17:00 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsadb.dll
2017-06-22 08:20 - 2017-03-18 17:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsetup.dll
2017-06-22 08:20 - 2017-03-18 17:00 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsmgmt.exe
2017-06-22 08:20 - 2017-03-18 17:00 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqtrig.dll
2017-06-22 08:20 - 2017-03-18 17:00 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsa.dll
2017-06-22 08:20 - 2017-03-18 17:00 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ldifde.exe
2017-06-22 08:20 - 2017-03-18 17:00 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsbsrv.dll
2017-06-22 08:20 - 2017-03-18 17:00 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDRCWSProxy.DLL
2017-06-22 08:20 - 2017-03-18 17:00 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqise.dll
2017-06-22 08:20 - 2017-03-18 17:00 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsperf.dll
2017-06-22 08:20 - 2017-03-18 17:00 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsamain.exe
2017-06-22 08:20 - 2017-03-18 17:00 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsmsg.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 01116672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsadmin.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsconfig.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcdiag.exe
2017-06-22 08:20 - 2017-03-18 16:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMCNative.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00376320 _____ C:\WINDOWS\system32\VmDataStore.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ldp.exe
2017-06-22 08:20 - 2017-03-18 16:59 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\repadmin.exe
2017-06-22 08:20 - 2017-03-18 16:59 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\schmmgmt.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedNic.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynth3dvideo.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsdbutil.exe
2017-06-22 08:20 - 2017-03-18 16:59 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsuiwiz.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcsdiag.exe
2017-06-22 08:20 - 2017-03-18 16:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpcievdev.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00144646 _____ C:\WINDOWS\system32\dssite.msc
2017-06-22 08:20 - 2017-03-18 16:59 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdebug.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCGLaunchPad.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00074656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtpm.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDEWSProxy.DLL
2017-06-22 08:20 - 2017-03-18 16:59 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmmsprox.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wnvapi.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsacls.exe
2017-06-22 08:20 - 2017-03-18 16:59 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vid.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\csvde.exe
2017-06-22 08:20 - 2017-03-18 16:59 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationVdev.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmsproxy.sys
2017-06-22 08:20 - 2017-03-18 16:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2017-06-22 08:20 - 2017-03-18 16:59 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspperf.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lunparser.sys
2017-06-22 08:20 - 2017-03-18 16:59 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocketcontrol.sys
2017-06-22 08:20 - 2017-03-18 16:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\synth3dvideoproxy.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\adamssip.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\infoadmn.dll
2017-06-22 08:20 - 2017-03-18 16:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\infoctrs.dll
2017-06-22 08:20 - 2017-03-18 16:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-06-22 08:20 - 2017-03-18 16:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-06-22 08:20 - 2017-03-18 16:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-06-22 08:20 - 2017-03-18 16:56 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
2017-06-22 08:20 - 2017-03-18 16:56 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys
2017-06-22 08:20 - 2017-03-18 16:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-06-22 08:20 - 2017-03-18 16:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-06-22 08:20 - 2017-03-18 16:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-06-22 08:20 - 2017-03-18 16:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-06-22 08:20 - 2017-03-18 16:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-06-22 08:20 - 2017-03-18 16:56 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspperf.dll
2017-06-22 08:20 - 2017-03-18 16:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-06-22 08:20 - 2017-03-18 16:56 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TFTP.EXE
2017-06-22 08:20 - 2017-03-18 16:56 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\infoadmn.dll
2017-06-22 08:20 - 2017-03-18 16:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-06-22 08:20 - 2017-03-18 16:56 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspiper.dll
2017-06-22 08:20 - 2017-03-18 16:56 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\infoctrs.dll
2017-06-22 08:20 - 2017-03-18 16:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-06-22 06:01 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-22 05:17 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-22 05:16 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-22 05:16 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-22 05:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-22 05:14 - 2017-03-27 11:32 - 00000502 _____ C:\WINDOWS\Tasks\Macrium-Backup-{8C7B9A6C-82FA-4BC1-8356-98F4870E6853}.job
2017-06-22 05:14 - 2017-03-27 11:32 - 00000502 _____ C:\WINDOWS\Tasks\Macrium-Backup-{2E812EBD-38B6-4AC7-9893-2D2241B6FE5C}.job
2017-06-22 05:14 - 2017-03-18 22:49 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-22 05:14 - 2017-03-13 16:31 - 00000510 _____ C:\WINDOWS\Tasks\Macrium-Backup-{8613AEB2-9237-40E1-9DAC-D54DAB0E28AD}.job
2017-06-22 05:14 - 2017-03-13 16:31 - 00000510 _____ C:\WINDOWS\Tasks\Macrium-Backup-{453EF759-E6CA-4600-8D14-6071FE3C8FA3}.job
2017-06-22 05:14 - 2013-10-22 15:12 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-22 05:13 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-22 04:59 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-22 04:58 - 2017-05-20 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-06-22 04:58 - 2017-05-10 21:33 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2017-06-22 04:58 - 2017-05-10 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2017-06-22 04:58 - 2017-05-04 18:20 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Right Click Enhancer Professional
2017-06-22 04:58 - 2017-05-03 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2017-06-22 04:58 - 2017-04-28 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-22 04:58 - 2017-04-20 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-06-22 04:58 - 2017-04-17 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-06-22 04:58 - 2017-04-17 16:59 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-22 04:58 - 2017-04-17 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-22 04:58 - 2017-04-11 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Power BI Desktop
2017-06-22 04:58 - 2017-03-18 22:47 - 00000000 ____D C:\WINDOWS\system32\0409
2017-06-22 04:58 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-06-22 04:58 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-06-22 04:58 - 2017-03-15 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-22 04:58 - 2017-03-09 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016
2017-06-22 04:58 - 2016-10-03 15:24 - 00000000 ____D C:\WINDOWS\SysWOW64\dumps
2017-06-22 04:58 - 2016-02-22 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Code Editors
2017-06-22 04:58 - 2016-01-15 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Environment Variables Editor
2017-06-22 04:58 - 2015-10-13 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-06-22 04:58 - 2015-10-10 01:45 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-06-22 04:58 - 2015-08-28 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2015
2017-06-22 04:58 - 2014-02-18 21:20 - 00000000 ____D C:\Users\Administrator.alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-06-22 04:58 - 2013-10-22 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud Services
2017-06-22 04:58 - 2013-10-09 20:03 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2017-06-22 04:58 - 2013-10-09 19:56 - 00000000 ____D C:\WINDOWS\system32\1033
2017-06-22 04:58 - 2013-07-25 02:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\2C0A
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0C0A
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0C04
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0816
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0804
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0424
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\041F
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\041E
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\041D
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\041B
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0419
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0416
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0415
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0414
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0413
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0412
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0411
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0410
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\040E
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\040D
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\040C
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\040B
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\040A
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0408
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0407
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0406
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0405
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0404
2017-06-22 04:58 - 2013-02-10 20:56 - 00000000 ____D C:\WINDOWS\system32\0401
2017-06-22 04:58 - 2013-02-09 04:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google
2017-06-22 04:44 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-22 04:44 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-06-22 04:44 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-06-22 04:44 - 2016-11-08 14:30 - 00000000 ____D C:\WINDOWS\SysWOW64\ipam
2017-06-22 04:44 - 2016-09-27 21:03 - 00000000 ___RD C:\WINDOWS\WebManagement
2017-06-22 04:44 - 2016-02-19 01:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Visual Studio 2013Templates
2017-06-22 04:44 - 2016-02-18 23:45 - 00000000 ____D C:\WINDOWS\SysWOW64\Visual Studio 2015Templates
2017-06-22 04:44 - 2016-02-17 21:27 - 00000000 ____D C:\WINDOWS\SysWOW64\Visual Studio 2010Templates
2017-06-22 04:44 - 2013-02-11 12:56 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-06-22 04:43 - 2017-05-25 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\IME
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-06-22 04:43 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-22 04:43 - 2016-11-08 14:30 - 00000000 ____D C:\WINDOWS\system32\ServerManagerInternal
2017-06-22 04:43 - 2016-11-08 14:30 - 00000000 ____D C:\WINDOWS\system32\ipam
2017-06-22 04:43 - 2016-11-08 14:30 - 00000000 ____D C:\WINDOWS\Cluster
2017-06-22 04:43 - 2016-11-08 14:30 - 00000000 ____D C:\Program Files\Update Services
2017-06-22 04:43 - 2016-09-27 21:03 - 00000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2017-06-22 04:43 - 2016-07-20 05:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2014
2017-06-22 04:43 - 2016-04-15 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-06-22 04:43 - 2015-12-22 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dev
2017-06-22 04:43 - 2015-08-05 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server
2017-06-22 04:43 - 2015-03-04 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notes
2017-06-22 04:43 - 2013-10-22 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping
2017-06-22 04:43 - 2013-10-09 20:25 - 00000000 ____D C:\Program Files\IIS
2017-06-22 04:43 - 2013-09-21 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security
2017-06-22 04:43 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-06-22 04:43 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-06-22 04:43 - 2013-07-25 02:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Networking
2017-06-22 04:43 - 2013-07-09 15:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-22 04:43 - 2013-03-16 17:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardware
2017-06-22 04:43 - 2013-03-16 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communications
2017-06-22 04:43 - 2013-03-16 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2017-06-22 04:43 - 2013-02-16 15:37 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-06-22 04:43 - 2013-02-11 12:54 - 00000000 ____D C:\Program Files\Intel
2017-06-22 04:40 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-22 04:37 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-06-22 04:37 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-22 04:36 - 2017-04-15 19:19 - 00000000 ____D C:\Users\jim.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-06-22 04:36 - 2017-04-15 19:17 - 00000000 ____D C:\Users\jim.LOCAL\AppData\Local\Packages
2017-06-22 04:36 - 2014-02-18 18:58 - 00000000 ____D C:\Users\Administrator.alien\AppData\Local\Packages
2017-06-22 04:35 - 2017-04-16 04:16 - 00000000 ____D C:\Users\dog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-06-22 04:35 - 2017-04-16 04:14 - 00000000 ____D C:\Users\dog\AppData\Local\Packages
2017-06-22 04:35 - 2017-04-15 15:38 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-06-22 04:35 - 2017-02-14 03:21 - 00000000 ____D C:\Users\jwm4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-06-22 04:35 - 2013-01-31 16:59 - 00000000 ____D C:\Users\jwm4\AppData\Local\Packages
2017-06-22 04:34 - 2016-12-06 02:30 - 00000000 ____D C:\Users\jim_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-06-22 04:34 - 2016-12-06 02:29 - 00000000 ____D C:\Users\jim_000\AppData\Local\Packages
2017-06-22 04:34 - 2014-02-18 17:56 - 00000000 ____D C:\Users\jwm4_000\AppData\Local\Packages
2017-06-22 04:31 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-22 04:30 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Help
2017-06-22 04:30 - 2016-03-30 10:18 - 00000000 ____D C:\temp
2017-06-22 04:04 - 2017-03-18 23:30 - 00000000 ___HD C:\$WINDOWS.~BT
2017-06-22 00:12 - 2013-02-09 14:33 - 00000000 ____D C:\Program Files\Registry Workshop
2017-06-21 23:10 - 2017-03-08 20:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-21 22:22 - 2013-02-20 01:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-21 22:06 - 2016-04-16 00:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-06-21 22:06 - 2014-11-13 22:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-06-21 22:06 - 2013-10-09 19:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2017-06-20 20:56 - 2013-02-09 14:41 - 00000000 ____D C:\ProgramData\Temp
2017-06-19 12:31 - 2015-05-21 17:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-19 12:06 - 2015-07-07 15:42 - 00000000 ____D C:\Program Files (x86)\AirDroid
2017-06-15 23:30 - 2017-04-16 04:36 - 00000000 ____D C:\Users\oldjwm4.corp.old
2017-06-14 21:00 - 2016-04-16 06:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 21:00 - 2016-04-16 06:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 20:22 - 2013-01-31 18:38 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 16:06 - 2017-04-15 23:40 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\ElevatedDiagnostics
2017-06-13 23:06 - 2013-02-09 04:22 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-13 19:09 - 2017-02-13 22:23 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-13 17:32 - 2017-04-15 18:35 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\CrashDumps
2017-06-13 17:18 - 2013-02-10 05:04 - 00000000 ____D C:\ProgramData\Adobe
2017-06-13 17:15 - 2017-04-15 15:36 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Roaming\Adobe
2017-06-13 17:08 - 2017-01-23 20:03 - 00002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
2017-06-13 17:08 - 2015-10-10 02:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-12 20:26 - 2013-07-01 16:40 - 00000000 ____D C:\Program Files\Recuva
2017-06-12 18:54 - 2017-02-13 22:23 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-12 18:53 - 2017-02-13 22:23 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-12 18:53 - 2017-02-13 22:23 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-09 22:18 - 2017-04-15 15:38 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\NVIDIA Corporation
2017-06-09 12:56 - 2017-04-18 01:21 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\EvernoteNW
2017-06-08 13:23 - 2014-05-30 15:03 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-03 02:32 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 02:32 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-02 09:55 - 2017-04-19 23:28 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\Microsoft Help
2017-06-02 09:23 - 2013-06-19 16:29 - 00000000 ____D C:\Program Files (x86)\Evernote
2017-06-01 13:48 - 2017-04-16 01:25 - 00000000 ____D C:\Users\jwm4.LOCAL\AppData\Local\MicrosoftEdge
2017-06-01 13:39 - 2015-07-14 23:23 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-31 20:54 - 2013-01-31 18:38 - 00565416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-30 22:22 - 2017-04-19 15:57 - 00000000 ___RD C:\Users\jwm4.LOCAL\Google Drive
2017-05-28 16:19 - 2017-02-13 22:24 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-28 09:16 - 2014-09-13 01:55 - 00000000 ____D C:\ProgramData\DivX
 
==================== Files in the root of some directories =======
 
2013-09-10 19:13 - 2017-05-10 21:34 - 19120152 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-04-27 20:51 - 2017-04-28 00:08 - 0000600 _____ () C:\Users\jwm4.LOCAL\AppData\Roaming\winscp.rnd
2017-06-22 04:30 - 2017-06-22 04:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-06-22 10:57 - 2017-03-28 03:02 - 0861136 ____N (Actual Tools) C:\Users\jwm4.LOCAL\AppData\Local\Temp\aimemb.dll
2017-06-22 10:57 - 2017-03-28 03:02 - 2409936 ____N (Actual Tools) C:\Users\jwm4.LOCAL\AppData\Local\Temp\aimemb64.dll
2017-01-12 15:54 - 2017-03-28 03:02 - 0861136 _____ (Actual Tools) C:\Users\oldjwm4.corp.old\AppData\Local\Temp\aimemb.dll
2017-01-12 15:54 - 2017-03-28 03:02 - 2409936 _____ (Actual Tools) C:\Users\oldjwm4.corp.old\AppData\Local\Temp\aimemb64.dll
2017-03-13 15:15 - 2017-02-23 04:17 - 0754168 _____ (NVIDIA Corporation) C:\Users\oldjwm4.corp.old\AppData\Local\Temp\nvSCPAPI.dll
2017-03-13 15:15 - 2017-02-23 04:17 - 0868152 _____ (NVIDIA Corporation) C:\Users\oldjwm4.corp.old\AppData\Local\Temp\nvSCPAPI64.dll
2017-03-13 15:13 - 2017-02-23 04:17 - 0354176 _____ (NVIDIA Corporation) C:\Users\oldjwm4.corp.old\AppData\Local\Temp\nvStInst.exe
2017-04-05 12:04 - 2017-04-05 12:04 - 0040448 _____ () C:\Users\oldjwm4.corp.old\AppData\Local\Temp\proxy_vole4365541176571202420.dll
2017-03-13 16:12 - 2017-03-13 16:12 - 15452552 _____ () C:\Users\oldjwm4.corp.old\AppData\Local\Temp\reflectPatch.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-22 04:29
 
==================== End of FRST.txt ============================

Edited by hamluis, 26 June 2017 - 11:10 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:08:18 PM

Posted 26 June 2017 - 11:40 AM

This is a duplicate post. Issue is being handled here:

https://www.bleepingcomputer.com/forums/t/650163/adware-driven-browser-redirection-to-various-pc-fix-sites-pc2
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 26 June 2017 - 11:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



