Dragonboost, CPX adware blocking internet


  • This topic is locked
20 replies to this topic

#1 jgaro

jgaro

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 30 July 2017 - 11:46 AM

Hi all,

 

Trying to fight this one off. Random pop up ads are showing up, and I've lost access to system restore, and other malware blocker installations...seems to be blocking internet access for some.

 

I've tried to follow some of the previous guidance here and have attached a few logs. Any help is greatly appreciated!!


Edited by hamluis, 30 July 2017 - 12:27 PM.
Moved from W10 Spt to Am I Infected, moved to MRL at MRT request - Hamluis.




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:35 PM

Posted 30 July 2017 - 11:57 AM

Hi jgaro :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 jgaro


Posted 30 July 2017 - 12:19 PM

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org

Database version:
  main:    v2017.07.30.04
  rootkit: v2017.05.27.01

Windows 10 x64 NTFS
Internet Explorer 11.483.15063.0
jeff :: DESKTOP-EPH7TG4 [administrator]

7/30/2017 12:01:01 PM
mbar-log-2017-07-30 (12-01-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 324346
Time elapsed: 10 minute(s), 36 second(s)

Memory Processes Detected: 6
C:\Users\jeff\AppData\Local\ntuserlitelist\dataup\dataup.exe (Adware.Yelloader) -> 3756 -> Delete on reboot. [dd8f680407a20234a9e4eaddde22f709]
c:\windows\system32\tprdpw64.exe (Trojan.SmartService) -> 8272 -> Delete on reboot. [d993adbfb0f9b4822a57b4f80af7867a]
C:\Program Files\6QRU3HI4YP\6QRU3HI4Y.exe (Adware.Tuto4PC) -> 14228 -> Delete on reboot. [96d6eb816c3da78f9682604fc83959a7]
C:\Program Files\8NWAWK585J\8NWAWK585.exe (Adware.Tuto4PC) -> 14272 -> Delete on reboot. [9fcdd7957336a88e6eaa46695aa75ca4]
C:\Users\jeff\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe (Trojan.Clicker) -> 14996 -> Delete on reboot. [4e1ee5871990c175f38d921a6b962cd4]
C:\Users\jeff\AppData\Local\gggatvei\hxggio\ct.exe (Adware.Agent) -> 4464 -> Delete on reboot. [b1bb91dbc4e564d2e224335dfd04b050]

Memory Modules Detected: 1
C:\Users\jeff\AppData\Local\ntuserlitelist\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [d597d5977534b77f567caa9f6899827e]

Registry Keys Detected: 13

Registry Values Detected: 16

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 12

Files Detected: 60

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#4 Aura


Posted 30 July 2017 - 12:28 PM

Good :) Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;



#5 jgaro


Posted 30 July 2017 - 12:38 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/30/17
Scan Time: 12:31 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2468
License: Trial

-System Information-
OS: Windows 10 (Build 15063.483)
CPU: x64
File System: NTFS
User: DESKTOP-EPH7TG4\jeff

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418263
Threats Detected: 19
Threats Quarantined: 19
Time Elapsed: 2 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 8
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [503], [260991],1.0.2468
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, Quarantined, [606], [389038],1.0.2468
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, Quarantined, [606], [389038],1.0.2468
PUP.Optional.Plumbytes, HKLM\SOFTWARE\MICROSOFT\TRACING\Plumbytes_RASAPI32, Quarantined, [8007], [396951],1.0.2468
PUP.Optional.Plumbytes, HKLM\SOFTWARE\MICROSOFT\TRACING\Plumbytes_RASMANCS, Quarantined, [8007], [396951],1.0.2468
PUP.Optional.WinYahoo, HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}, Quarantined, [71], [254682],1.0.2468
PUP.Optional.SearchManager, HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [503], [183362],1.0.2468
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [503], [260991],1.0.2468

Registry Value: 2
PUP.Optional.WinYahoo, HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}|URL, Quarantined, [71], [254682],1.0.2468
PUP.Optional.ByteFence, HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|103, Quarantined, [606], [393167],1.0.2468

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.AnonymizerGadget, C:\Users\jeff\AppData\Roaming\AGData\bin, Quarantined, [1494], [338259],1.0.2468
PUP.Optional.AnonymizerGadget, C:\USERS\JEFF\APPDATA\ROAMING\AGDATA, Quarantined, [1494], [338259],1.0.2468

File: 7
PUP.Optional.AnonymizerGadget, C:\USERS\JEFF\APPDATA\ROAMING\AGDATA\BIN\AGLOADER.DLL, Quarantined, [1494], [338559],1.0.2468
PUP.Optional.AnonymizerGadget, C:\USERS\JEFF\APPDATA\ROAMING\AGDATA\BIN\ANONYMIZERLAUNCHER.EXE, Quarantined, [1494], [338241],1.0.2468
PUP.Optional.AnonymizerGadget, C:\USERS\JEFF\APPDATA\ROAMING\AGDATA\CONFIG.JSON, Quarantined, [1494], [338259],1.0.2468
PUP.Optional.AnonymizerGadget, C:\Users\jeff\AppData\Roaming\AGData\add.json, Quarantined, [1494], [338259],1.0.2468
PUP.Optional.REOptimizer, C:\USERS\JEFF\APPDATA\LOCAL\SIRECD.DLL, Quarantined, [7422], [419764],1.0.2468
PUP.Optional.SearchManager, C:\USERS\JEFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarantined, [503], [260990],1.0.2468
PUP.Optional.REOptimizer, C:\USERS\JEFF\APPDATA\LOCAL\UNINSTALLCE.EXE, Quarantined, [7422], [412227],1.0.2468

Physical Sector: 0
(No malicious items detected)

(end)



#6 Aura


Posted 30 July 2017 - 01:06 PM

Good :) Now let's run a sweep with AdwCleaner and JRT.

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;



#7 jgaro


Posted 30 July 2017 - 01:11 PM

# AdwCleaner 7.0.0.0 - Logfile created on Sun Jul 30 18:08:12 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2627 B] - [2017/7/30 16:34:49]
C:/AdwCleaner/AdwCleaner[C1].txt - [1542 B] - [2017/7/30 16:39:34]
C:/AdwCleaner/AdwCleaner[S0].txt - [2941 B] - [2017/7/30 16:34:28]
C:/AdwCleaner/AdwCleaner[S1].txt - [1425 B] - [2017/7/30 16:38:17]
C:/AdwCleaner/AdwCleaner[S2].txt - [1279 B] - [2017/7/30 18:8:3]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by jeff (Administrator) on Sun 07/30/2017 at 13:09:28.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 1

Successfully deleted: C:\WINDOWS\wininit.ini (File)

 

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{12451705-CE77-4F13-A163-711AE83B6CA2} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{12451705-CE77-4F13-A163-711AE83B6CA2} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/30/2017 at 13:10:50.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 Aura


Posted 30 July 2017 - 02:03 PM

Good :) Now let's run a scan with FRST to see what's left to remove.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your Desktop;
  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 jgaro

Posted 30 July 2017 - 06:18 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2017
Ran by jeff (30-07-2017 18:17:01)
Running from C:\Users\jeff\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-13 14:57:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-651533093-3901169317-4024127600-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-651533093-3901169317-4024127600-503 - Limited - Disabled)
Guest (S-1-5-21-651533093-3901169317-4024127600-501 - Limited - Disabled)
jeff (S-1-5-21-651533093-3901169317-4024127600-1001 - Administrator - Enabled) => C:\Users\jeff

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
µTorrent (HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
ABM HART Gateway version 2.8 (HKLM-x32\...\{B81AB43A-CCE3-4920-90F5-6BD660717AF9}_is1) (Version: 2.8 - ABM Sensor Technology Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.33 - NVIDIA Corporation) Hidden
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.12 - Arduino LLC)
Atmel Driver Files (HKLM-x32\...\{6F7D7F68-DBBF-45E2-ADE8-B78E72C2D1C1}) (Version: 7.1.16 - Atmel Corporation)
Atmel LibUSB0 Driver (x64) (HKLM\...\{C1F86585-CDAC-4ABE-B163-161DDBCC4332}) (Version: 7.0.125 - Atmel)
Atmel Segger USB Drivers (501e) (HKLM-x32\...\{156C0C95-4DDE-4F88-97A0-5EEE22269CE3}) (Version: 7.0.417 - Atmel)
Atmel Software Framework (HKLM-x32\...\{E3F0760B-113D-4271-A2BE-B97752BF0B33}) (Version: 7.0.1186 - Atmel) Hidden
Atmel Studio 7.0 (HKLM-x32\...\{9b226216-cf50-48b3-a6e2-3dd5a9b3406d}) (Version: 7.0.1188 - Atmel)
Atmel Studio Development Environment (HKLM-x32\...\{D1E22058-E061-42D1-A710-C11FAFF3E252}) (Version: 7.0.1188 - Atmel) Hidden
Atmel WinDriver (HKLM-x32\...\{FAF2A9D1-33C8-48FF-8FD5-20075A53AB9C}) (Version: 7.0.23 - Atmel)
Atmel WinUSB (HKLM-x32\...\{22D3C72E-42F9-4B0F-B331-E0AA134ADF76}) (Version: 6.2.32 - Atmel)
Atom (HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\atom) (Version: 1.18.0 - GitHub Inc.)
AVR32 Device Support (HKLM-x32\...\{B4FF8137-23C8-4AC9-BC91-6A25E317D374}) (Version: 7.0.1183 - Atmel) Hidden
AVR32 Toolchain 7.0 (HKLM-x32\...\{8AF6AD1C-A2DE-412D-9FEE-ECF60AD534BB}) (Version: 7.0.536 - Atmel) Hidden
AVR8 Device Support (HKLM-x32\...\{C64B8FC0-9017-4BDC-972A-F8F7AD8903E0}) (Version: 7.0.1188 - Atmel) Hidden
AVR8 Toolchain (HKLM-x32\...\{3E4193B4-89BB-4576-9C8F-ADF3439D0B33}) (Version: 7.0.1185 - Atmel) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite HL-L2380DW series (HKLM-x32\...\{A3C8ED27-D848-441A-AE81-E42E27109558}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite HL-L2380DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Cura 2.1 (HKLM-x32\...\Cura 2.1) (Version: 2.1.3 - Ultimaker)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
f.lux (HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\Flux) (Version:  - )
Flip 3.4.7 (HKLM-x32\...\flip.exe) (Version: 3.4.7 - Atmel)
GitHub (HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\5f7eb300e2ea4ebf) (Version: 3.3.4.0 - GitHub, Inc.)
HART Analyzer (HKLM-x32\...\HART Analyzer) (Version:  - HART Analyzer)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version:  - Ansgar Becker)
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP ESU for Microsoft Windows 10 (HKLM-x32\...\{2CDA0D13-ED4D-4E66-B920-9AE696F9992E}) (Version: 1.1.1 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{76272057-98E0-4DC4-AAC3-10C546C47195}) (Version: 14.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IVI Shared Component 64-bit (HKLM\...\{F35499BF-B4E7-4C3F-8769-229D9DE3E07E}) (Version: 2.21.49152 - IVI Foundation Inc.) Hidden
IVI Shared Components 2.2.1 (HKLM-x32\...\IviSharedComponent) (Version: 2.21.49152 - IVI Foundation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KiCad 4.0.4 (HKLM-x32\...\KiCad) (Version: 4.0.4 - KiCad)
LLVM (HKLM-x32\...\LLVM) (Version: 3.9.1 - LLVM)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LTspice XVII (HKLM\...\LTspice XVII) (Version:  - Linear Technology Corporation)
Macrium Reflect Free Edition (HKLM\...\{F11B4FAA-198D-441F-85E4-7EED9E2D823B}) (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Math Kernel Libraries (64-bit) (HKLM\...\{56B02DF2-C570-43E0-A16A-C6A1CE4AD7FB}) (Version: 1.0.31.0 - National Instruments) Hidden
Math Kernel Libraries (HKLM-x32\...\{9BA528A0-F33B-4162-993A-538CF56A005E}) (Version: 1.0.31.0 - National Instruments) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
mipc v3.8.1.1608301607 (HKLM-x32\...\mipc) (Version: v3.8.1.1608301607 - mipc)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
NI .NET Framework 4.0 (HKLM-x32\...\{5CC95D76-A798-4722-AE76-E494D9664907}) (Version: 4.01.49152 - National Instruments) Hidden
NI ActiveX Container (64-bit) (HKLM\...\{CC4F5200-2852-441F-A0CB-4A299E18657E}) (Version: 12.1.3.0 - National Instruments) Hidden
NI ActiveX Container (HKLM-x32\...\{CFF1C12E-8A62-41D3-8B51-15BFC9DD345C}) (Version: 12.1.3.0 - National Instruments) Hidden
NI Authentication 13.0.0 (64-bit) (HKLM\...\{2BF63B6D-6B44-46D5-8F2C-5BFBC78D9593}) (Version: 13.0.326 - National Instruments) Hidden
NI Authentication 13.0.0 (HKLM-x32\...\{6CB3DA3D-C753-423D-AB3B-670C5C2FE6C4}) (Version: 13.0.326 - National Instruments) Hidden
NI Certificates Deployment Support (HKLM-x32\...\{92AE2189-B5BF-409E-A6BB-BB2D390CCD8E}) (Version: 1.04.49153 - National Instruments) Hidden
NI Curl 13.0.0 (64-bit) (HKLM\...\{E957A395-E199-4B35-B06A-FF7CBA66B953}) (Version: 13.0.324 - National Instruments) Hidden
NI Curl 13.0.0 (HKLM-x32\...\{2DD33997-3C3E-4517-9D98-0CC5802D6D53}) (Version: 13.0.324 - National Instruments) Hidden
NI Error Reporting 2013 (HKLM-x32\...\{DF549FB9-B94F-4B8D-B007-39281EDB9A52}) (Version: 13.0.324 - National Instruments) Hidden
NI Error Reporting Interface Installer 5.5 (HKLM-x32\...\{843AA365-C682-4540-9E7C-9B9A10C6A539}) (Version: 5.50.49152 - National Instruments) Hidden
NI Error Reporting Interface Installer 5.5 for Windows 64-bit (HKLM\...\{817746FE-367D-4BA3-9ABF-D2214D0E5E33}) (Version: 5.50.49152 - National Instruments) Hidden
NI EulaDepot (HKLM-x32\...\{87F60C46-07E2-46B4-B872-680DE4184C0A}) (Version: 3.20.363 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 13.0.0 (HKLM-x32\...\{0AF8A008-7141-40DD-BB99-10B7F0C4769A}) (Version: 13.0.45.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 13.0.0 (HKLM\...\{00D12A70-7B79-4A14-80B5-F12626237DE7}) (Version: 13.0.45.0 - National Instruments) Hidden
NI Help Assistant 2.0 (64bit) (HKLM\...\{DDAAADDD-C57E-4731-A29C-133191587488}) (Version: 2.0.3 - National Instruments) Hidden
NI Help Assistant 2.0 (HKLM-x32\...\{C9A0D47F-9A68-4917-868C-79E384E4DEE6}) (Version: 2.0.3 - National Instruments) Hidden
NI I/O Trace 3.1.1 (HKLM-x32\...\{B82851CD-7715-4AA6-BCAF-390E75E229CF}) (Version: 3.17.768 - National Instruments) Hidden
NI IVI Class Drivers (64-bit) (HKLM\...\{BB6F8F83-2484-4289-B723-57071E0F0EC5}) (Version: 6.50.49152 - National Instruments) Hidden
NI IVI Class Drivers (HKLM-x32\...\{FC648883-3637-4B07-9B92-9E9457BC7667}) (Version: 6.50.49152 - National Instruments) Hidden
NI IVI Class Simulation Drivers (64-bit) (HKLM\...\{BB8EC46A-4719-4CD4-896E-2EB35011CC9C}) (Version: 4.50.49152 - National Instruments) Hidden
NI IVI Class Simulation Drivers (HKLM-x32\...\{4082517D-4A7D-4797-AE4D-F28EFF83CF8D}) (Version: 4.50.49152 - National Instruments) Hidden
NI IVI Compliance Package 4.5 (64-bit) (HKLM\...\{E254DB06-1259-4C88-91AF-CC4AF398B0E6}) (Version: 4.50.49152 - National Instruments) Hidden
NI IVI Compliance Package 4.5 (HKLM-x32\...\{BD9DCCB8-3F53-4CDC-98AD-E39B3860693F}) (Version: 4.50.49152 - National Instruments) Hidden
NI IVI Engine (64-bit) (HKLM\...\{1467F113-8107-4E81-8E2D-74EB39077344}) (Version: 134.50.49152 - National Instruments) Hidden
NI IVI Engine (HKLM-x32\...\{B1896E45-B69C-4F10-AD24-095E24B779E9}) (Version: 134.50.49152 - National Instruments) Hidden
NI IVI Online Help (HKLM-x32\...\{0EA5EBE6-7571-493F-8DDB-1667648989A0}) (Version: 4.50.49152 - National Instruments) Hidden
NI IVI Provider for MAX (HKLM-x32\...\{20F01188-72F9-4CE7-B57F-60417A00EF2D}) (Version: 5.60.49152 - National Instruments) Hidden
NI LabVIEW 2010 Real-Time NBFifo (HKLM-x32\...\{2BC9B2CE-D569-4ADC-A8A0-170F2FD57139}) (Version: 10.0.214.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (HKLM-x32\...\{B4A772D4-ED42-4484-8C0E-663A52D07A2F}) (Version: 12.0.219.0 - National Instruments) Hidden
NI LabVIEW 2012 Run-Time Engine Web Server (HKLM-x32\...\{3C717C2C-A9F4-4236-A539-89592B0652A7}) (Version: 12.5.198.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Deployment Framework (HKLM-x32\...\{428B6473-1A49-4EF8-A18B-650B623FACCC}) (Version: 12.0.463.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Run-Time Engine Non-English Support. (HKLM-x32\...\{06897ACD-84E1-4F9E-8848-3E3BF27D2D99}) (Version: 12.1.52.0 - National Instruments) Hidden
NI LabVIEW 2013 Real-Time Error Dialog (HKLM-x32\...\{EA289B2D-80CE-486A-935D-FC3F088AB5C7}) (Version: 13.0.123 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2010 SP1 (HKLM-x32\...\{1478F207-677B-443B-B305-E924A6289F1B}) (Version: 10.1.114.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2012 SP1 f3 (HKLM-x32\...\{5157CC53-EB17-4E69-A5C9-73E5695198B1}) (Version: 12.1.58.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2010 (HKLM-x32\...\{7247ABF1-C9E4-4242-8DA5-D0DF6977B018}) (Version: 10.1.115.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2012 SP1 (HKLM-x32\...\{3750BCB6-B4E7-4678-817D-732F1CD84EF5}) (Version: 12.1.58.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (HKLM-x32\...\{DB68B420-5382-48EE-9A2A-CB984FEBB192}) (Version: 10.0.235.0 - National Instruments) Hidden
NI LabWindows/CVI 2012 Low-Level Driver (Original) (HKLM-x32\...\{5E0CDB63-8465-440D-8829-6F69B81DC779}) (Version: 12.0.0422 - National Instruments) Hidden
NI LabWindows/CVI 2012 Low-Level Driver (Updated) (HKLM-x32\...\{1E2F864C-D04D-44FF-B411-DF4BE148DCB3}) (Version: 12.0.0422 - National Instruments) Hidden
NI Logos 5.5 (64-bit) (HKLM\...\{B2149E16-A01C-458E-A6E5-B9DC96EAD1AA}) (Version: 5.5.293 - National Instruments) Hidden
NI Logos 5.5 (HKLM-x32\...\{CA533BA0-E6F9-4349-B0EC-ABDEB0481E77}) (Version: 5.5.293 - National Instruments) Hidden
NI Logos XT Support (HKLM-x32\...\{A05EFB3F-19E2-4F9E-8380-BE095CCF0BE4}) (Version: 5.5.294 - National Instruments) Hidden
NI Logos64 XT Support (HKLM\...\{A3154334-4692-449E-8836-3CCD28D0B1D7}) (Version: 5.5.294 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (HKLM\...\{4EE0B022-366F-432B-98C6-4EB27C87774E}) (Version: 1.0.15.0 - National Instruments) Hidden
NI Math Kernel Libraries (HKLM-x32\...\{AB55A100-AAC9-43EA-845E-2DCDC0D4D2B8}) (Version: 1.0.25.0 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 5.5 (HKLM\...\{4768A660-5962-491F-8B1D-9A3FA35819A6}) (Version: 5.50.49152 - National Instruments) Hidden
NI MAX Remote Configuration Installer 5.5 (HKLM-x32\...\{5A073702-D6E0-4D28-B43B-4C4D5DFB752D}) (Version: 5.50.49152 - National Instruments) Hidden
NI MAX Support for 64 Bit Windows (HKLM\...\{C7D66BE3-9A63-47A0-A422-D772F1216F43}) (Version: 5.50.49152 - National Instruments) Hidden
NI MDF Support (HKLM-x32\...\{FA35D849-889D-4454-9532-6BE2008D2CDF}) (Version: 3.20.363 - National Instruments) Hidden
NI mDNS Responder 2.2 for Windows 64-bit (HKLM\...\{3A6898F6-9B23-40DE-9B2D-617DBDEFDBF9}) (Version: 2.20.49152 - National Instruments) Hidden
NI mDNS Responder 2.2.0 (HKLM-x32\...\{1F7F5330-D1C5-49D8-85A3-75E29C2434FE}) (Version: 2.20.49152 - National Instruments) Hidden
NI Measurement & Automation Explorer 5.5.0 (HKLM-x32\...\{6A996EAF-F118-4C11-AD14-8029547085CB}) (Version: 5.50.49152 - National Instruments) Hidden
NI Measurement Studio Common .NET Assemblies for .NET 2.0 (HKLM-x32\...\{B930056F-D07E-419D-83F4-7AFCB212A3D8}) (Version: 12.0.00258 - National Instruments) Hidden
NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 1.1 (HKLM-x32\...\{6B54DB6D-6F00-4353-AB03-27374FC91F2F}) (Version: 8.1.20417 - National Instruments) Hidden
NI MXS 5.5.0 (HKLM-x32\...\{DB974CAC-E29F-4F36-9343-6B589DF80593}) (Version: 5.50.49152 - National Instruments) Hidden
NI MXS 5.5.0 for 64 Bit Windows (HKLM\...\{2C222477-A505-4ACF-A5F2-1E026DBA288D}) (Version: 5.50.49152 - National Instruments) Hidden
NI Network Discovery 5.5 (HKLM-x32\...\{FC89B79E-AE5F-495F-A2B5-4469E5E2E284}) (Version: 5.50.49152 - National Instruments) Hidden
NI Network Discovery 5.5 for Windows 64-bit (HKLM\...\{B847F6E6-0C6C-4FE8-8BF2-E864F3520DC2}) (Version: 5.50.49152 - National Instruments) Hidden
NI Portable Configuration 5.5.0 (HKLM-x32\...\{646550E5-F469-410B-9721-01E3DCAFA7D2}) (Version: 5.50.49152 - National Instruments) Hidden
NI Portable Configuration for 64 Bit Windows 5.5.0 (HKLM\...\{91D415DC-5C6C-4512-902A-EEB48545A299}) (Version: 5.50.49152 - National Instruments) Hidden
NI Remote Provider for MAX 5.5.0 (HKLM-x32\...\{4EDA6809-BAD6-416D-AACD-1EC39BF6DD41}) (Version: 5.50.49152 - National Instruments) Hidden
NI Remote PXI Provider for MAX 5.5.0 (HKLM-x32\...\{D426844E-2735-4881-BD41-29F7530FA06C}) (Version: 5.50.49152 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (HKLM\...\{4A78D9E6-D349-4CCA-9295-45B12BE5BC6C}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (HKLM-x32\...\{20124E21-206B-485F-838F-14BB88161045}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB67L8KSQW) (HKLM-x32\...\{54E6C462-1BFD-4A24-8956-865337B283F8}) (Version: 8.6.10500 - National Instruments) Hidden
NI Security Update (KB67L8L0QW) (HKLM-x32\...\{805A48E3-9FF6-4609-AE46-C90F094E6B28}) (Version: 8.6.10500 - National Instruments) Hidden
NI Service Locator 13.5 (HKLM-x32\...\{5CE16272-2DA3-409F-8ACE-2C3A29DF9B7F}) (Version: 13.5.70 - National Instruments) Hidden
NI Software Provider for MAX 5.5.0 (HKLM-x32\...\{A6025DDF-67EF-4B5D-8365-907295F5D469}) (Version: 5.50.49152 - National Instruments) Hidden
NI Spy Windows 64 Support 3.1.1 (HKLM\...\{2C5AD68D-A348-49BF-8CEB-BAFEAF2490F8}) (Version: 3.17.768 - National Instruments) Hidden
NI SSL LabVIEW RTE 2012 SP1 Support (HKLM-x32\...\{DFEB5AEC-611E-466F-A072-956751A66880}) (Version: 12.5.8.0 - National Instruments) Hidden
NI SSL Support (64-bit) (HKLM\...\{A6E0DCE3-A917-4234-B401-6D630E869FB3}) (Version: 13.0.319 - National Instruments) Hidden
NI SSL Support (HKLM-x32\...\{87392509-BFBD-4780-9170-E0106DB472DF}) (Version: 13.0.324 - National Instruments) Hidden
NI System API .NET 5.5.0 (HKLM-x32\...\{556653E7-A474-4D05-AA00-D555DF8609C6}) (Version: 5.50.157 - National Instruments) Hidden
NI System API Web-Service 32-bit 5.5.0 (HKLM-x32\...\{0E5A6C9B-E5F6-4BBD-8942-FC9BFC287F68}) (Version: 5.50.405 - National Instruments) Hidden
NI System API Windows 32-bit 5.5.0 (HKLM-x32\...\{A8779088-85BA-4CC0-8205-1C7AF40FCDBD}) (Version: 5.50.589 - National Instruments) Hidden
NI System API Windows 64-bit 5.5.0 (HKLM\...\{6662C75A-9A77-4959-9853-F4A2AF15C4B8}) (Version: 5.50.588 - National Instruments) Hidden
NI System Configuration Runtime 5.5.0 (HKLM-x32\...\{FCBEDF17-375A-4963-B6BC-B8DD66036D2F}) (Version: 5.50.226 - National Instruments) Hidden
NI System Configuration Runtime 5.5.0 for Windows 64-bit (HKLM\...\{E24A808C-68AE-4204-A6B5-55656CBE7AF1}) (Version: 5.50.226 - National Instruments) Hidden
NI System State Publisher (64-bit) (HKLM\...\{68319FE7-1E06-4156-BC00-8D24828B5084}) (Version: 13.0.299 - National Instruments) Hidden
NI System State Publisher (HKLM-x32\...\{AE20D525-5D10-475F-9115-963DB67D49DF}) (Version: 13.0.304 - National Instruments) Hidden
NI System Web Server 13.0 (HKLM-x32\...\{6246AACB-D78A-4563-B76E-34C722A8A715}) (Version: 13.0.333 - National Instruments) Hidden
NI System Web Server Base 13.0.0 (64-bit) (HKLM\...\{A0133B57-1D4B-4D89-A0EF-1453ECECA58A}) (Version: 13.0.323 - National Instruments) Hidden
NI System Web Server Base 13.0.0 (HKLM-x32\...\{69D447B3-1B3F-42A9-9605-A8533BE06D17}) (Version: 13.0.323 - National Instruments) Hidden
NI TDM Streaming 2.4 (64-bit) (HKLM\...\{000A570E-F926-4808-956C-A57EE91B75F6}) (Version: 2.4.55.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (HKLM-x32\...\{5A6C68D9-FDCB-4675-A95A-CD908D103614}) (Version: 2.4.55.0 - National Instruments) Hidden
NI Trace Engine (64-bit) (HKLM\...\{DA83B4AC-EC3C-4F13-A867-CB0C24A8E1D5}) (Version: 13.0.324 - National Instruments) Hidden
NI Trace Engine (HKLM-x32\...\{63495F25-850C-4127-8BA6-1DFD5144723C}) (Version: 13.0.324 - National Instruments) Hidden
NI Uninstaller (HKLM-x32\...\{C7743231-5899-418D-8CA5-22B0F654D894}) (Version: 3.20.363 - National Instruments) Hidden
NI VC2005MSMs x64 (HKLM\...\{E3E3E625-8F74-44CE-A6D2-C31CB43DA23D}) (Version: 8.05.0 - National Instruments) Hidden
NI VC2005MSMs x86 (HKLM-x32\...\{4B877FC6-F44C-4B39-B0B6-CE15ADC63997}) (Version: 8.05.0 - National Instruments) Hidden
NI VC2008MSMs x64 (HKLM\...\{07E00E94-7A78-40FA-9BEF-71C190E98041}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (HKLM-x32\...\{E84997A1-4D6F-4C0B-B60D-F85B360D2666}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2010SP1MSMs x64 (HKLM\...\{AFC5A844-CA3A-4566-89E7-3E24E6AFF9A3}) (Version: 10.0.100 - National Instruments) Hidden
NI VC2010SP1MSMs x86 (HKLM-x32\...\{F2273FA7-117C-43D7-BD59-00B025535442}) (Version: 10.0.100 - National Instruments) Hidden
NI Web Application Server 13.0 (64-bit) (HKLM\...\{62126BD1-8107-48A1-9889-FA16F064893C}) (Version: 13.0.319 - National Instruments) Hidden
NI Web Application Server 13.0 (HKLM-x32\...\{4845B7A3-DDC3-44F9-A7DB-C50C94017129}) (Version: 13.0.324 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 (HKLM-x32\...\{2CB15350-C073-4A5B-A706-59E1F69DE11C}) (Version: 1.10.72.0 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 64-bit (HKLM\...\{B9293F41-3CB1-4E86-9523-010F8ACB782D}) (Version: 1.10.73.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 (HKLM-x32\...\{E6068691-1FBC-4EF0-87E8-609CDB32038A}) (Version: 2.7.180.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 64-bit (HKLM\...\{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}) (Version: 2.7.190.0 - National Instruments) Hidden
NI-DIM 1.13.0f0 (HKLM-x32\...\{9B7F4E37-64DC-4B50-A504-124C665AD3FA}) (Version: 1.130.49152 - National Instruments) Hidden
NI-DIM 1.13.0f0 for 64 Bit Windows (HKLM\...\{B684BA02-6EF0-4C0F-B29A-611BFB01436B}) (Version: 1.130.49152 - National Instruments) Hidden
NI-ORB 3.0 (HKLM-x32\...\{3DFE81D3-F8A9-4746-BC91-1C219EDEC95A}) (Version: 3.00.49152 - National Instruments) Hidden
NI-ORB 3.0 for 64-bit Windows (HKLM\...\{AC599511-CD0C-4B9E-9DC1-C0D3C87D6FCA}) (Version: 3.00.49152 - National Instruments) Hidden
NI-PAL 2.9.1 64-Bit Error Files (HKLM\...\{B8A07D12-1F88-499B-86A7-F9597D4C37F8}) (Version: 2.91.49152 - National Instruments) Hidden
NI-PAL 2.9.1 Error Files (HKLM-x32\...\{6F3933B2-DA98-43EF-950E-CF2373918A12}) (Version: 2.91.49152 - National Instruments) Hidden
NI-PAL 2.9.1f0 (HKLM-x32\...\{D0D82E7B-8456-4FE7-A09C-0B3A49C2A4C5}) (Version: 10.101.49152 - National Instruments) Hidden
NI-PAL 2.9.1f0 for 64 Bit Windows (HKLM\...\{86DFA469-CA55-49E1-87A1-6B56AAB7D3C8}) (Version: 10.101.49152 - National Instruments) Hidden
NI-RPC 4.4.0f0 for Phar Lap ETS (HKLM-x32\...\{9CF01499-669E-472A-89E3-54CC30C4FDBB}) (Version: 4.40.49152 - National Instruments) Hidden
NI-RPC 4.4.1f0 (HKLM-x32\...\{9ED2055F-890A-4991-B2AD-5B02DAF574B6}) (Version: 4.41.49152 - National Instruments) Hidden
NI-RPC 4.4.1f0 for 64 Bit Windows (HKLM\...\{0887A2E8-2FF0-4584-B168-C331540B2144}) (Version: 4.41.49152 - National Instruments) Hidden
NI-VISA Runtime 5.4.1 (HKLM-x32\...\{20955267-2BD4-4152-8896-A7EFDF73EEA4}) (Version: 5.41.49152 - National Instruments) Hidden
NI-VISA x64 support 5.4.1 (HKLM\...\{94D8AABB-33BF-4063-BBDA-9821ED339ACE}) (Version: 5.41.49152 - National Instruments) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Prusa3D version 1.7.4 (HKLM\...\Prusa3D_is1) (Version: 1.7.4 - Prusa Research s.r.o.)
PuTTY release 0.69 (64-bit) (HKLM\...\{5FE84905-DAF1-4319-82B2-D60BCA095BCE}) (Version: 0.69.0.0 - Simon Tatham)
Python 2.7.13 (HKLM-x32\...\{4A656C6C-D24A-473F-9747-3A8D00907A03}) (Version: 2.7.13150 - Python Software Foundation)
Quartus Prime Lite Edition (Free) 16.0.0.211 (HKLM-x32\...\Quartus Prime Lite Edition (Free) 16.0.0.211) (Version: 16.0 - Altera Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7530 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Reset NI Config 5.5.0 (HKLM-x32\...\{32D5858D-5BCE-407A-93CD-897E867ABA51}) (Version: 5.50.227 - National Instruments) Hidden
RIGOL Ultra Sigma (HKLM-x32\...\{378CCBE0-E5F2-45BB-973C-6808367BE025}) (Version: 1.6.1 - RIGOL Technologies, Inc.)
RogueKiller version 12.11.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.8.0 - Adlice Software)
Sensing Solutions EVM GUI (HKLM-x32\...\Sensing Solutions EVM GUI 1.9.2) (Version: 1.9.2 - Texas Instruments Inc.)
Serial Port Monitor 6.0.235 (HKLM\...\Serial Port Monitor_is1) (Version: 6.0 - ELTIMA Software)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
SolidWorks 2012 x64 Edition SP05 (HKLM\...\{4C66F076-D3AB-49C8-85D4-BAA6D82FCAE2}) (Version: 20.150.80 - SolidWorks) Hidden
SolidWorks 2012 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20120-40500-1100-100) (Version: 20.5.0.80 - SolidWorks Corporation)
SolidWorks eDrawings 2012 x64 Edition SP05 (HKLM\...\{91B765A6-D8CD-4DCC-B5C3-B04E5B563482}) (Version: 12.5.114 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2012 SP05 x64 Edition (HKLM\...\{65DDB7D8-5E04-45DF-B60E-89557ED37ED2}) (Version: 20.50.80 - SolidWorks Corporation) Hidden
Stamps.com (HKLM-x32\...\{698AC01B-DF0C-4BCE-940C-EB29AD23A560}) (Version: 15.0.0.3337 - Stamps.com, Inc.) Hidden
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.1 - Tweaking.com)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VISA Shared Components 64-Bit (HKLM\...\{9FB0BB7E-7418-41EA-86AE-82A98317D52F}) (Version: 1.6.0 - IVI Foundation) Hidden
VISA Shared Components 64-Bit (HKLM-x32\...\VISASharedComponents) (Version: 1.6 - IVI Foundation)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Altera (WinUSB) JTAG cables  (02/11/2014,2014.02.11 ) (HKLM\...\6D27F566AFC20C2281F903D0D9620D335BBAF1AB) (Version: 02/11/2014,2014.02.11  - Altera)
Windows Driver Package - Prusa Research s.r.o. Original Prusa i3 MK2 (02/13/2013 1.0.0.0) (HKLM\...\E6CFEF5357DD0E2F987E98779FD6603959DA391B) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Windows Driver Package - UltiMachine 3D Printer (RAMBo) (02/13/2013 1.0.0.0) (HKLM\...\D77EC126405DC217C7BF7DA6669B51E297D5CF23) (Version: 02/13/2013 1.0.0.0 - UltiMachine)
WPS Office (9.1.0.5157) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5157 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-10-05] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-18] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0423BB01-4237-4A69-8179-389260F7A1AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {054521BB-E042-4B66-877C-8B401163C778} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {09A0C01C-5BCF-4EB9-8CD2-443DC73816AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {17C98DB9-889A-4DF6-84B5-79752E0906A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {1C295617-6B1E-4FE0-B64C-7228A7E528BA} - System32\Tasks\HPCeeScheduleForjeff => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2D8C28E0-34A1-4690-95E6-8E1F61926A3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {3A9741AB-0BB4-4194-8B71-8AA01C252EF7} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-10-06] ()
Task: {44360564-DFAA-4119-A2C0-78100F12BF16} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {51A7D8DC-059B-4739-88A3-DA87B96195BD} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {5623610D-4772-4161-8C95-4AF411D29373} - System32\Tasks\{4FCD3F8C-0211-4EC0-9AE8-9A732873D8FB} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\jeff\Downloads\hmusb_driver\CDM20814_Setup.exe -d C:\Users\jeff\Downloads\hmusb_driver
Task: {5E6C1A40-EC02-4683-9ECB-E8E35F27C5AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {61F0A719-17B5-4552-8EDC-71085A08DA9E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {646CB90C-5802-484D-9AB2-39103E65DC56} - System32\Tasks\{B15D828F-7C60-4FFF-A6E2-3C76F5C5FF75} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\jeff\Downloads\hmusb_driver (2)\CDM20814_Setup.exe" -d "C:\Users\jeff\Downloads\hmusb_driver (2)"
Task: {67C12F72-58F1-43B6-880C-C265BA392404} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {72D3ECC7-D22B-406F-AB08-FD7050E01C66} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {740A5068-04AB-4440-B44E-2D8849F71BF8} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5157\wtoolex\wpsupdate.exe [2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {746D4675-F832-4278-8B1D-696AB38B3BBB} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {88375E39-EF5E-43CA-9394-23563B57E98C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-06-28] (HP Inc.)
Task: {8C18FA0A-4FEE-45C6-8C5C-440007AAB7C5} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {A344AB56-D510-434C-A125-305C7A1D7566} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-21] ()
Task: {A52B6449-BCD5-411E-B89A-D63951CF74C4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {A5301A2E-8026-47D2-9734-FD8ADC535892} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {A76E87BC-D079-45F0-A3E2-58C28453BB04} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {A9C892B6-6502-4998-887F-7469437D9CD9} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {AAC529A1-9FE9-4C0D-BA30-DEFEEA372646} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5157\wtoolex\wpsnotify.exe [2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {AE46DE70-33B3-47A2-8881-13C748FBC44A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {B5497CD8-FFC4-475F-8ADB-019D1D02516A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {C0973513-1711-4E91-8BA3-83956DF10FB1} - System32\Tasks\{54A390B0-EC5E-41D5-ACA9-28F7E1BCF737} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\jeff\Downloads\DRIVER-MK2-AS-6-7-W10\WindowsDriver\installer_x86.exe -d C:\Users\jeff\Downloads\DRIVER-MK2-AS-6-7-W10\WindowsDriver
Task: {CE136A46-F8D8-4ACA-B530-D69001861839} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {E4D11664-57FC-4E02-9AEA-267253FB7D0D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-21] ()
Task: {F3108302-8EF7-43B0-98E0-59C9F5D8049C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {F4273462-8A58-4091-A197-79B1EA40B727} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {FC4D5318-37CE-42C9-A34C-9994EE24D2E5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForjeff.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5157\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5157\wtoolex\wpsupdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) ==============

2016-10-05 17:49 - 2016-04-27 23:01 - 000309760 _____ () C:\altera_lite\16.0\quartus\bin64\jtagserver.exe
2016-10-05 17:50 - 2016-04-27 22:58 - 000054784 _____ () C:\altera_lite\16.0\quartus\bin64\ccl_ver.dll
2016-10-05 17:50 - 2016-04-27 23:01 - 000017920 _____ () C:\altera_lite\16.0\quartus\bin64\jtag_hw_usb-blaster.dll
2016-10-05 17:50 - 2016-04-28 05:47 - 000064512 _____ () C:\altera_lite\16.0\quartus\bin64\pgm_pgmdrv_apu_usb.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000402944 _____ () C:\altera_lite\16.0\quartus\bin64\CCL_GEN.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000167424 _____ () C:\altera_lite\16.0\quartus\bin64\ccl_mem.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000816640 _____ () C:\altera_lite\16.0\quartus\bin64\CCL_MSG.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000185344 _____ () C:\altera_lite\16.0\quartus\bin64\CCL_FIO.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000054272 _____ () C:\altera_lite\16.0\quartus\bin64\ccl_thr.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000056320 _____ () C:\altera_lite\16.0\quartus\bin64\CCL_ERR.dll
2016-10-05 17:50 - 2015-12-08 18:54 - 000903680 _____ () C:\altera_lite\16.0\quartus\bin64\boost_regex-mt.dll
2016-10-05 17:50 - 2015-12-08 18:54 - 000019456 _____ () C:\altera_lite\16.0\quartus\bin64\boost_system-mt.dll
2016-10-05 17:50 - 2016-04-27 21:11 - 000007168 _____ () C:\altera_lite\16.0\quartus\bin64\tbbamalloc.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000156160 _____ () C:\altera_lite\16.0\quartus\bin64\ccl_cfg_ini.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000375296 _____ () C:\altera_lite\16.0\quartus\bin64\ccl_atcl.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000100352 _____ () C:\altera_lite\16.0\quartus\bin64\CCL_BIG.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000057856 _____ () C:\altera_lite\16.0\quartus\bin64\ccl_tst.dll
2016-10-05 17:50 - 2016-04-28 07:04 - 000126976 _____ () C:\altera_lite\16.0\quartus\bin64\ccl_qtl.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000107008 _____ () C:\altera_lite\16.0\quartus\bin64\CCL_FSTR.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000771072 _____ () C:\altera_lite\16.0\quartus\bin64\ccl_sqlite3.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000046592 _____ () C:\altera_lite\16.0\quartus\bin64\ccl_xml.dll
2016-10-05 17:50 - 2016-04-28 07:04 - 000160256 _____ () C:\altera_lite\16.0\quartus\bin64\DB_PDB.dll
2016-10-05 17:50 - 2015-12-08 18:54 - 000116736 _____ () C:\altera_lite\16.0\quartus\bin64\boost_filesystem-mt.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000076800 _____ () C:\altera_lite\16.0\quartus\bin64\ccl_zlib.dll
2016-10-05 17:50 - 2016-04-27 22:58 - 000018944 _____ () C:\altera_lite\16.0\quartus\bin64\CCL_CLW.dll
2016-10-05 17:50 - 2016-04-27 21:11 - 000002048 _____ () C:\altera_lite\16.0\quartus\bin64\icudt34.dll
2017-07-27 19:16 - 2017-07-30 14:23 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 000117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2017-07-14 13:51 - 2017-07-21 09:33 - 008932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-17 09:13 - 2017-07-17 09:13 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-17 09:13 - 2017-07-17 09:13 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-17 09:13 - 2017-07-17 09:13 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-17 09:13 - 2017-07-17 09:13 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2016-10-18 10:20 - 2017-05-03 15:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-06-06 08:51 - 2017-06-06 08:52 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-25 15:21 - 2017-07-25 15:21 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-25 15:21 - 2017-07-25 15:21 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-07-12 06:40 - 2017-07-12 06:40 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-07-12 06:40 - 2017-07-12 06:40 - 027590144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-07-12 06:40 - 2017-07-12 06:40 - 000428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-07-12 06:40 - 2017-07-12 06:40 - 020649984 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-07-12 06:40 - 2017-07-12 06:40 - 002305536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-07-12 06:40 - 2017-07-12 06:40 - 002856448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-06 08:51 - 2017-06-06 08:52 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-06 08:51 - 2017-06-06 08:52 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-10-05 13:40 - 2016-10-05 13:41 - 000680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-07-12 06:40 - 2017-07-12 06:40 - 001127936 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-09 08:58 - 2017-05-09 08:59 - 001062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-20 11:28 - 2017-06-20 11:28 - 001997792 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-03-06 17:04 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-10-18 10:20 - 2017-05-03 15:21 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-06-24 04:07 - 2015-06-24 04:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:40C12C39 [136]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\sharepoint.com -> hxxps://fcinc-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2017-07-30 11:07 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-651533093-3901169317-4024127600-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_SNOW_1920x1080.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "FZY0TH1RODH2PTC"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "b2etad00njr"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "qwloryzlg1v"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "r54ergwgkff"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "MO0OAEEHJ7EQ1NB"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "FAEF9Y41AAZF95F"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "OESGUNMQDE09M5Z"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "1X26G4VXQBE0P5H"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{96C16F8E-B778-4285-9576-73F46C3757A3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{279969CC-2915-4ACB-9432-433A39B35675}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{4C0F34CD-49BD-411D-BC27-35E72A34BE43}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8A23F9AB-1505-4731-A466-5592BC188159}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================

20-07-2017 17:51:10 Scheduled Checkpoint
29-07-2017 09:56:52 Scheduled Checkpoint
30-07-2017 12:12:18 Malwarebytes Anti-Rootkit Restore Point
30-07-2017 13:09:30 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2017 01:26:12 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected

Error: (07/30/2017 01:26:12 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected

Error: (07/30/2017 01:18:06 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.8784 - Fatal Execution Engine Error (00007FFFE2D10D3E) (80131506)

Error: (07/30/2017 01:18:06 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.8784 - Fatal Execution Engine Error (00007FFFE2D10D3E) (80131506)

Error: (07/30/2017 01:10:00 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.8784 - Fatal Execution Engine Error (00007FFFE2D10D3E) (80131506)

Error: (07/30/2017 01:10:00 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.8784 - Fatal Execution Engine Error (00007FFFE2D10D3E) (80131506)

Error: (07/30/2017 01:09:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EPH7TG4)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/30/2017 01:08:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EPH7TG4)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/30/2017 01:08:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EPH7TG4)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/30/2017 01:07:46 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.8784 - Fatal Execution Engine Error (00007FFB8C3A0D3E) (80131506)

System errors:
=============
Error: (07/30/2017 01:09:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/30/2017 01:09:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (07/30/2017 01:08:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error:
An attempt was made to reference a token that does not exist.

Error: (07/30/2017 01:08:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error:
A device attached to the system is not functioning.

Error: (07/30/2017 01:08:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/30/2017 01:08:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.

Error: (07/30/2017 01:08:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (07/30/2017 01:08:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (07/30/2017 01:08:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (07/30/2017 01:08:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service did not start due to a logon failure.

CodeIntegrity:
===================================
  Date: 2017-07-30 12:14:00.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-07-30 11:42:43.256
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-07-30 11:38:00.414
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-07-30 11:19:39.312
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-30 11:19:39.311
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-30 11:19:39.308
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-30 11:19:39.305
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-30 11:08:55.939
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-07-30 11:07:42.266
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-30 11:07:42.265
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i3-4170 CPU @ 3.70GHz
Percentage of memory in use: 22%
Total physical RAM: 16343.64 MB
Available physical RAM: 12688.82 MB
Total Virtual: 18775.64 MB
Available Virtual: 15108.31 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:244.04 GB) (Free:123.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 256.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#10 jgaro

  • Topic Starter
Posted 30 July 2017 - 06:19 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-07-2017
Ran by jeff (administrator) on DESKTOP-EPH7TG4 (30-07-2017 18:16:26)
Running from C:\Users\jeff\Desktop
Loaded Profiles: jeff (Available Profiles: jeff)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\altera_lite\16.0\quartus\bin64\jtagserver.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2015-06-16] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\Run: [Akamai NetSession Interface] => C:\Users\jeff\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\Run: [f.lux] => C:\Users\jeff\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2016-10-05]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2016-10-05]
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2fcf8639-e0ed-46d6-91fa-665b004bd02c}: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{3e4e88e7-41f5-46e5-9b9c-06cd9dbd4e80}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{409c4424-2194-4b0e-9e51-739a54b6243e}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{6816739f-4eea-4b43-9354-5ce1f495499d}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> {12451705-CE77-4F13-A163-711AE83B6CA2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-651533093-3901169317-4024127600-1001 -> {B1E6523D-C428-469A-8B51-90F856DC45E6} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-651533093-3901169317-4024127600-1001 -> {FDC75619-E676-4845-AB13-8EA6B5A1959B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-21] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-651533093-3901169317-4024127600-1001: jpl.nasa.gov/NASAEyes -> C:\Users\jeff\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-03-22] (Jet Propulsion Laboratory)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR DefaultSearchURL: Profile 1 -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Profile 1 -> Yahoo
CHR DefaultSuggestURL: Profile 1 -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default [2017-07-30]
CHR Profile: C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-27]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-10-05] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 JTAGServer; C:\altera_lite\16.0\quartus\bin64\jtagserver.exe [309760 2016-04-27] () [File not signed]
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5157\wtoolex\wpsupdatesvr.exe [133480 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 LkCitadelServer; C:\windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
R2 lkTimeSync; C:\windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-11] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
R2 niLXIDiscovery; C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [236768 2013-11-22] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [176512 2013-06-19] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-12-10] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-06-16] (Realtek Semiconductor)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-10-06] (SolidWorks) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AlteraUSBBlaster; C:\WINDOWS\system32\drivers\usbblstr.sys [98160 2016-04-27] (FTDI Ltd.)
R3 atmelwindrvr; C:\WINDOWS\system32\drivers\atmelwindrvr.sys [300488 2015-08-12] (Jungo Connectivity)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-07-30] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-30] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-30] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-30] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-30] (Malwarebytes)
R1 MpKsl3857ebd5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1951D6D2-37AC-480F-90B3-F5ECCDF4C7FB}\MpKsl3857ebd5.sys [44928 2017-07-30] (Microsoft Corporation)
S3 nidimk; C:\windows\system32\drivers\nidimkl.sys [12968 2012-01-27] (National Instruments Corporation)
S3 niorbk; C:\windows\system32\drivers\niorbkl.sys [12992 2012-06-28] (National Instruments Corporation)
S3 nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [13624 2012-12-19] (National Instruments Corporation)
R0 NIPALK; C:\WINDOWS\System32\drivers\nipalk.sys [926992 2012-12-19] (National Instruments Corporation)
S3 nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [13624 2012-12-19] (National Instruments Corporation)
R0 nipbcfk; C:\WINDOWS\System32\drivers\nipbcfk.sys [16984 2012-12-18] (National Instruments Corporation)
S3 NiViPciK; C:\WINDOWS\System32\drivers\NiViPciKl.sys [15200 2013-12-11] (National Instruments Corporation)
R2 NiViPxiK; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [15200 2013-12-11] (National Instruments Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7209bde3180ef5f7\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-06-01] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation                           )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 SIVDRIVER; C:\windows\system32\Drivers\SIVX64.sys [57312 2008-06-14] (Ray Hinchliffe)
R2 SPSniff; C:\Program Files\Eltima Software\Serial Port Monitor\SPSniff.sys [36512 2015-07-16] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-07-30] ()
S3 Usbtmc; C:\WINDOWS\System32\Drivers\ausbtmc.sys [24064 2013-10-07] (IVI Foundation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-30 18:16 - 2017-07-30 18:16 - 000025016 _____ C:\Users\jeff\Desktop\FRST.txt
2017-07-30 18:16 - 2017-07-30 18:16 - 000000000 ____D C:\FRST
2017-07-30 18:15 - 2017-07-30 18:15 - 002381312 _____ (Farbar) C:\Users\jeff\Desktop\FRST64.exe
2017-07-30 13:21 - 2017-07-30 13:21 - 000029170 _____ C:\ProgramData\agent.1501438868.bdinstall.bin
2017-07-30 13:10 - 2017-07-30 13:10 - 000000872 _____ C:\Users\jeff\Desktop\JRT.txt
2017-07-30 13:07 - 2017-07-30 13:07 - 001790024 _____ (Malwarebytes) C:\Users\jeff\Downloads\JRT.exe
2017-07-30 12:30 - 2017-07-30 16:37 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-30 12:30 - 2017-07-30 14:23 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-30 12:30 - 2017-07-30 14:23 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-30 12:29 - 2017-07-30 12:29 - 064025992 _____ (Malwarebytes ) C:\Users\jeff\Downloads\mb3-setup-1878.1878-3.1.2.1733-10139.exe
2017-07-30 12:00 - 2017-07-30 14:23 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-30 12:00 - 2017-07-30 12:35 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-30 12:00 - 2017-07-30 12:30 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-07-30 12:00 - 2017-07-30 12:12 - 000000000 ____D C:\Users\jeff\Desktop\mbar
2017-07-30 12:00 - 2017-07-30 12:00 - 016564750 _____ (Malwarebytes Corp.) C:\Users\jeff\Downloads\mbar-1.09.4.1001.exe
2017-07-30 11:38 - 2017-07-30 11:38 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jeff\Downloads\rkill.exe
2017-07-30 11:36 - 2017-07-30 11:36 - 000002627 _____ C:\Users\jeff\Desktop\AdwCleaner[C0].txt
2017-07-30 11:33 - 2017-07-30 13:08 - 000000000 ____D C:\AdwCleaner
2017-07-30 11:29 - 2017-07-30 11:31 - 000000000 ____D C:\WINDOWS\Minidump
2017-07-30 11:29 - 2017-07-30 11:29 - 000451356 _____ C:\WINDOWS\Minidump\073017-9875-01.dmp
2017-07-30 11:22 - 2017-07-30 11:22 - 008162248 _____ (Malwarebytes) C:\Users\jeff\Downloads\AdwCleaner.exe
2017-07-30 11:20 - 2017-07-30 11:20 - 005198336 _____ (AVAST Software) C:\Users\jeff\Downloads\aswMBR.exe
2017-07-30 11:20 - 2017-07-30 11:20 - 000002451 _____ C:\Users\jeff\Desktop\FSS.txt
2017-07-30 11:19 - 2017-07-30 11:19 - 000899584 _____ (Farbar) C:\Users\jeff\Downloads\FSS.exe
2017-07-30 11:18 - 2017-07-30 11:19 - 004922400 _____ (AO Kaspersky Lab) C:\Users\jeff\Downloads\tdsskiller.exe
2017-07-30 11:07 - 2017-07-30 11:07 - 000003654 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-07-30 10:55 - 2017-07-30 10:55 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-EPH7TG4-Windows-10-Home-(64-bit).dat
2017-07-30 10:55 - 2017-07-30 10:55 - 000000000 ____D C:\RegBackup
2017-07-30 10:52 - 2017-07-30 10:52 - 000194500 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-07-30 10:52 - 2017-07-30 10:52 - 000003780 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-07-30 10:52 - 2017-07-30 10:52 - 000002239 _____ C:\Users\jeff\Desktop\Tweaking.com - Windows Repair.lnk
2017-07-30 10:52 - 2017-07-30 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-07-30 10:52 - 2017-07-30 10:52 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-07-30 10:48 - 2017-07-30 10:48 - 016563352 _____ (Malwarebytes Corp.) C:\Users\jeff\Downloads\mbar-1.09.3.1001.exe
2017-07-30 10:43 - 2017-07-30 10:43 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-30 10:43 - 2017-07-30 10:43 - 000000000 ____D C:\ProgramData\RogueKiller
2017-07-30 10:43 - 2017-07-30 10:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-30 10:43 - 2017-07-30 10:43 - 000000000 ____D C:\Program Files\RogueKiller
2017-07-30 10:41 - 2017-07-30 10:41 - 000000000 ____D C:\WINDOWS\ERDNT
2017-07-30 10:39 - 2017-07-30 11:39 - 000002814 _____ C:\Users\jeff\Desktop\Rkill.txt
2017-07-29 11:16 - 2017-07-29 11:20 - 000000000 ____D C:\Users\jeff\AppData\Local\AvgSetupLog
2017-07-29 11:16 - 2017-07-29 11:20 - 000000000 ____D C:\ProgramData\Avg
2017-07-29 11:16 - 2017-07-29 11:16 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\jeff\Downloads\AVG_Protection_Free_1606.exe
2017-07-29 11:16 - 2017-07-29 11:16 - 000000000 ____D C:\Users\jeff\AppData\Local\Avg
2017-07-29 11:14 - 2017-07-30 13:21 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-07-29 11:14 - 2017-07-29 11:14 - 008465984 _____ C:\Users\jeff\Downloads\bitdefender_online.exe
2017-07-29 11:14 - 2017-07-29 11:14 - 000047527 _____ C:\ProgramData\agent.1501344893.bdinstall.bin
2017-07-29 11:14 - 2017-07-29 11:14 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-07-29 11:02 - 2017-07-29 11:02 - 000000000 ____D C:\WINDOWS\pss
2017-07-27 19:28 - 2017-07-27 19:28 - 044003024 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Windows-KB890830-x64-V5.50.exe
2017-07-27 19:16 - 2017-07-30 14:23 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-27 19:16 - 2017-07-30 12:30 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-27 19:16 - 2017-07-30 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-27 19:16 - 2017-07-30 12:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-27 19:16 - 2017-07-27 19:16 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-27 19:13 - 2017-07-27 19:16 - 000032887 _____ C:\Users\jeff\Desktop\mb-clean-results.txt
2017-07-27 18:59 - 2017-07-27 18:59 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Yahoo
2017-07-27 18:58 - 2017-07-30 11:34 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-07-27 18:47 - 2017-07-27 19:03 - 000000000 ____D C:\Users\jeff\AppData\Local\Deployment
2017-07-27 18:33 - 2017-07-27 18:33 - 065033984 _____ (Malwarebytes ) C:\Users\jeff\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-07-27 18:25 - 2017-07-27 18:27 - 000000000 ____D C:\Users\jeff\AppData\Roaming\ygujmhkjsnc
2017-07-27 18:23 - 2017-07-27 18:23 - 006199800 _____ (Malwarebytes ) C:\Users\jeff\Downloads\Unconfirmed 861909.crdownload
2017-07-27 18:20 - 2017-07-27 18:22 - 006810504 _____ (Malwarebytes ) C:\Users\jeff\Downloads\Unconfirmed 103733.crdownload
2017-07-27 18:19 - 2017-07-27 18:20 - 065033984 _____ (Malwarebytes ) C:\Users\jeff\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-27 18:03 - 2017-07-27 18:24 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-07-27 18:03 - 2017-07-27 18:07 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-07-27 18:03 - 2017-07-27 18:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-07-27 18:00 - 2017-07-27 18:00 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-651533093-3901169317-4024127600-1001
2017-07-27 17:47 - 2017-07-27 18:31 - 000000000 ____D C:\Users\jeff\AppData\Roaming\kkyjhkwnqtg
2017-07-27 17:38 - 2017-07-27 18:31 - 000000000 ____D C:\Users\jeff\AppData\Roaming\li23iqhtpxt
2017-07-27 17:37 - 2017-07-30 12:12 - 000000000 ____D C:\Users\jeff\AppData\Local\aqedlyh
2017-07-27 17:37 - 2017-07-30 12:12 - 000000000 ____D C:\Program Files\HSXXKV8BHI
2017-07-27 17:37 - 2017-07-30 12:12 - 000000000 ____D C:\Program Files (x86)\WeatherInspect
2017-07-27 17:37 - 2017-07-27 18:31 - 000000000 ____D C:\Users\jeff\AppData\Roaming\m5ux5gjac33
2017-07-27 17:37 - 2017-07-27 17:37 - 000000000 ____D C:\Users\jeff\AppData\Roaming\c
2017-07-27 17:37 - 2017-07-27 17:37 - 000000000 ____D C:\Users\jeff\AppData\Local\gggatvei
2017-07-27 17:23 - 2017-07-27 19:13 - 2954291200 _____ C:\Users\jeff\Downloads\mathworks_matlab_r2013b.iso
2017-07-27 17:13 - 2017-07-27 17:13 - 000000000 ____D C:\Users\jeff\Downloads\MATLAB
2017-07-27 17:11 - 2017-07-27 19:13 - 000000000 ____D C:\Users\jeff\AppData\Roaming\uTorrent
2017-07-27 17:11 - 2017-07-27 17:12 - 000000000 ____D C:\Users\jeff\AppData\Local\{64485214-40E0-3EAC-2D78-1B440910E7DC}
2017-07-27 17:11 - 2017-07-27 17:11 - 000000902 _____ C:\Users\jeff\Desktop\µTorrent.lnk
2017-07-27 17:11 - 2017-07-27 17:11 - 000000882 _____ C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-07-27 17:10 - 2017-07-27 17:10 - 001733104 _____ (BitTorrent Inc.) C:\Users\jeff\Downloads\uTorrent.exe
2017-07-27 17:03 - 2017-06-15 17:02 - 005110348 _____ C:\Users\jeff\Downloads\Mathworks.Filter.Design.Hdl.Co.keygen.exe
2017-07-27 16:34 - 2017-07-27 16:34 - 000007051 _____ C:\Users\jeff\Documents\Book1.csv
2017-07-26 13:41 - 2017-07-26 13:41 - 000000900 _____ C:\Users\jeff\Documents\Footage Calculation.txt
2017-07-26 12:59 - 2017-07-26 12:59 - 006119631 _____ C:\Users\jeff\Documents\1YCF1UA.pdf
2017-07-26 12:57 - 2017-07-26 12:57 - 007649457 _____ C:\Users\jeff\Documents\838517040002.pdf
2017-07-26 12:54 - 2017-07-26 12:54 - 000076429 _____ C:\Users\jeff\Documents\jdr468p5wn.pdf
2017-07-26 12:53 - 2017-07-26 12:53 - 000278019 _____ C:\Users\jeff\Documents\2016HearingRulesProcedures.pdf
2017-07-26 12:53 - 2017-07-26 12:53 - 000198486 _____ C:\Users\jeff\Documents\Practical tips to win your property tax protest in Houston.html
2017-07-26 12:53 - 2017-07-26 12:53 - 000172667 _____ C:\Users\jeff\Documents\GTA-IAD-002_v012016.pdf
2017-07-26 12:53 - 2017-07-26 12:53 - 000125616 _____ C:\Users\jeff\Documents\GTA-IAD-001.pdf
2017-07-26 12:53 - 2017-07-26 12:53 - 000000000 ____D C:\Users\jeff\Documents\Practical tips to win your property tax protest in Houston_files
2017-07-26 12:49 - 2017-07-26 12:49 - 002114536 _____ C:\Users\jeff\Downloads\Taylor appraisal.pdf
2017-07-26 11:27 - 2017-07-26 11:27 - 002183099 _____ C:\Users\jeff\Downloads\RFIntrinsicSafety.pdf
2017-07-25 17:09 - 2017-07-25 17:09 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-07-25 17:04 - 2017-07-25 17:04 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Subversion
2017-07-25 17:04 - 2017-07-25 17:04 - 000000000 ____D C:\Users\jeff\AppData\Local\MathWorks
2017-07-25 17:03 - 2017-07-27 16:51 - 000000000 ____D C:\Users\jeff\Documents\MATLAB
2017-07-25 17:03 - 2017-07-25 17:03 - 000000000 ____D C:\Users\jeff\AppData\Roaming\MathWorks
2017-07-25 16:29 - 2017-07-25 16:29 - 000000000 ____D C:\Program Files\MATLAB
2017-07-25 16:26 - 2017-07-25 16:27 - 092691288 _____ C:\Users\jeff\Downloads\matlab_R2017a_win64.exe
2017-07-25 16:21 - 2017-07-25 16:21 - 000219756 _____ C:\Users\jeff\Downloads\Comparison Tables UL 60079-11.pdf
2017-07-24 17:01 - 2017-07-24 17:02 - 054260969 _____ C:\Users\jeff\Downloads\stp2.stp
2017-07-24 15:52 - 2017-07-24 15:52 - 000074861 _____ C:\Users\jeff\Documents\certificate-of-earnings.pdf
2017-07-24 14:49 - 2017-07-24 14:49 - 000053492 _____ C:\Users\jeff\Downloads\Doppler Flow Meter Test Report-20170724.xlsx
2017-07-24 11:43 - 2017-07-24 11:43 - 000066702 _____ C:\Users\jeff\Downloads\Doppler PCB Troubleshooting.pdf
2017-07-22 11:42 - 2017-07-22 11:42 - 000000000 ____D C:\Users\jeff\AppData\Local\DBG
2017-07-21 14:21 - 2017-07-21 14:21 - 000076100 _____ C:\Users\jeff\Downloads\Proposal 4357 FlowCommand IP Testing.pdf
2017-07-20 10:35 - 2017-07-20 10:36 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Stamps.com Internet Postage
2017-07-20 10:35 - 2017-07-20 10:35 - 000001082 _____ C:\Users\Public\Desktop\Stamps.com.lnk
2017-07-20 10:35 - 2017-07-20 10:35 - 000000036 ____H C:\WINDOWS\SysWOW64\f9t.dat
2017-07-20 10:35 - 2017-07-20 10:35 - 000000000 ____D C:\Users\jeff\AppData\Local\Seven Zip
2017-07-20 10:35 - 2017-07-20 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
2017-07-20 10:35 - 2017-07-20 10:35 - 000000000 ____D C:\ProgramData\{91382281-3F89-4122-BFF2-72579BE400BB}
2017-07-20 10:35 - 2017-07-20 10:35 - 000000000 ____D C:\Program Files (x86)\Stamps.com Internet Postage
2017-07-20 10:12 - 2017-07-20 10:13 - 036808240 _____ (Stamps.com, Inc. ) C:\Users\jeff\Downloads\stamps.exe
2017-07-19 18:28 - 2017-07-19 18:28 - 000126732 _____ C:\Users\jeff\Downloads\Coursera Diversification.pdf
2017-07-19 17:33 - 2017-07-19 17:33 - 000039955 _____ C:\Users\jeff\Downloads\_b01664a045fe7720c1bf143fe3fef7a9_VBTLX-and-VFIAX-Monthly-Returns (1).xlsx
2017-07-18 15:54 - 2017-07-18 15:54 - 000667497 _____ C:\Users\jeff\Downloads\messages-1500411258984.csv
2017-07-18 15:44 - 2017-07-18 15:44 - 000687124 _____ C:\Users\jeff\Downloads\messages-1500410641432.csv
2017-07-18 15:36 - 2017-07-18 15:36 - 001889221 _____ C:\Users\jeff\Downloads\proving-liquid-ultrasonic-flowmeters-case-study.pdf
2017-07-18 15:36 - 2017-07-18 15:36 - 000595016 _____ C:\Users\jeff\Downloads\Proving Liquid Ultrasonic Flowmeters For Custody Transfer Measurement TPLS002.pdf
2017-07-18 12:05 - 2017-07-18 12:05 - 004625189 _____ C:\Users\jeff\Downloads\Loans_20160101to20170101_20170717T060057.zip
2017-07-18 12:05 - 2017-07-18 12:05 - 000000000 ____D C:\Users\jeff\Downloads\Loans_20160101to20170101_20170717T060057
2017-07-18 11:49 - 2017-07-18 11:49 - 000000844 _____ C:\Users\jeff\Downloads\Exco Scalar Edits - Sheet4 (1).csv
2017-07-18 11:45 - 2017-07-18 11:45 - 000000596 _____ C:\Users\jeff\Downloads\Exco Scalar Edits - Sheet4.csv
2017-07-18 10:39 - 2017-07-18 10:39 - 000001168 _____ C:\Users\jeff\Downloads\Voltaic Solar Power - Sheet1.csv
2017-07-17 17:01 - 2017-07-17 17:01 - 000039955 _____ C:\Users\jeff\Downloads\_b01664a045fe7720c1bf143fe3fef7a9_VBTLX-and-VFIAX-Monthly-Returns.xlsx
2017-07-17 15:31 - 2017-07-17 16:20 - 000181204 _____ C:\Users\jeff\Downloads\Petronac 5 Algorithm.xlsx
2017-07-17 14:34 - 2017-07-17 14:34 - 000000434 _____ C:\Users\jeff\Downloads\event.ics
2017-07-17 14:31 - 2017-07-17 14:31 - 000131696 _____ C:\Users\jeff\Documents\Houston water report.pdf
2017-07-17 12:25 - 2017-07-17 12:25 - 000050110 _____ C:\Users\jeff\Downloads\DM_Studio_Pricing.pdf
2017-07-17 11:28 - 2017-07-17 11:28 - 011810016 _____ C:\Users\jeff\Downloads\VID_20170716_015335.avi
2017-07-14 13:58 - 2017-07-14 13:58 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-07-14 13:58 - 2017-07-14 13:58 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-07-14 13:50 - 2017-07-14 13:50 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-07-14 13:47 - 2017-07-27 19:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-14 13:47 - 2017-07-14 13:47 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-07-14 13:46 - 2017-07-14 13:46 - 004310328 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Setup.x86.en-us_O365HomePremRetail_OEMSMB_.exe
2017-07-14 13:38 - 2017-07-14 13:38 - 010277376 _____ C:\Users\jeff\Downloads\VB60SP6-KB2708437-x86-ENU.msi
2017-07-14 13:29 - 2017-07-14 13:29 - 005131978 _____ C:\Users\jeff\Downloads\OpenSolver2.8.6_LinearWin.zip
2017-07-14 13:25 - 2017-07-20 08:34 - 002132164 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_msft.xlsx
2017-07-14 13:10 - 2017-07-14 13:10 - 007058744 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Setup.X64.en-us_O365BusinessRetail_0f4ae330-f425-42fe-bf39-da2588152245_TX_PR_b_16_.exe
2017-07-14 13:10 - 2017-07-14 13:10 - 004310328 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Setup.X86.en-us_O365BusinessRetail_0f4ae330-f425-42fe-bf39-da2588152245_TX_PR_b_16_ (2).exe
2017-07-14 13:09 - 2017-07-14 13:09 - 004310328 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Setup.X86.en-us_O365BusinessRetail_0f4ae330-f425-42fe-bf39-da2588152245_TX_PR_b_16_ (1).exe
2017-07-14 13:08 - 2017-07-14 13:08 - 004310328 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Setup.X86.en-us_O365BusinessRetail_0f4ae330-f425-42fe-bf39-da2588152245_TX_PR_b_16_.exe
2017-07-14 12:21 - 2017-07-14 12:21 - 000147067 _____ C:\Users\jeff\Downloads\_441f639884b4449fdcc212a2d8ed1b7c_aapl (1).csv
2017-07-14 11:32 - 2017-07-14 11:32 - 000093601 _____ C:\Users\jeff\Downloads\_d54e93ebdf2971e11509d23595ca6209_wfc (1).csv
2017-07-14 10:07 - 2017-07-14 10:07 - 000039074 _____ C:\Users\jeff\Downloads\QSF 27-1-03 Rev 1.3 CTS US Certification and Listing Agreement.pdf
2017-07-14 09:58 - 2017-07-14 09:58 - 000123870 _____ C:\Users\jeff\Downloads\4159136HAZ-01 Letter Report BR (1).PDF
2017-07-13 18:05 - 2017-07-13 18:05 - 003479082 _____ C:\Users\jeff\Downloads\Sensor vs Pemex_Sepec.pptx
2017-07-13 12:43 - 2017-07-13 12:43 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-13 12:43 - 2017-07-13 12:43 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-13 12:43 - 2017-07-13 12:43 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-13 12:43 - 2017-07-13 12:43 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-13 12:43 - 2017-07-13 12:43 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-13 12:43 - 2017-07-13 12:43 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-13 12:43 - 2017-07-13 12:43 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-13 12:43 - 2017-07-13 12:43 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-13 12:43 - 2017-07-13 12:43 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-13 12:43 - 2017-07-13 12:43 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-13 12:43 - 2017-07-13 12:43 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-13 12:43 - 2017-07-13 12:43 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-13 12:43 - 2017-07-13 12:43 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-13 12:43 - 2017-07-13 12:43 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-13 12:43 - 2017-07-13 12:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-13 12:43 - 2017-07-13 12:43 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 006726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 006535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 004709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 004672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 003135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 002625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-07-13 12:40 - 2017-07-13 12:40 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-07-13 12:40 - 2017-07-13 12:40 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-07-13 12:40 - 2017-07-13 12:40 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-07-13 12:40 - 2017-07-13 12:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-07-13 12:40 - 2017-07-13 12:40 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-07-13 12:38 - 2017-07-13 12:38 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-07-13 12:38 - 2017-07-13 09:46 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-07-13 12:36 - 2017-07-13 12:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-07-13 12:36 - 2017-07-13 12:36 - 000000000 ____D C:\Program Files\MSBuild
2017-07-13 12:36 - 2017-07-13 12:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-07-13 12:36 - 2017-07-13 12:36 - 000000000 ____D C:\inetpub
2017-07-13 12:36 - 2017-07-13 09:50 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-07-13 12:36 - 2017-02-10 14:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-07-13 12:36 - 2017-02-10 14:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-07-13 12:36 - 2017-02-10 14:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-07-13 12:36 - 2017-02-10 14:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-07-13 12:36 - 2017-02-10 14:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-07-13 12:36 - 2017-02-10 14:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-07-13 12:35 - 2017-07-13 12:35 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-07-13 11:48 - 2017-07-13 11:48 - 004685083 _____ C:\Users\jeff\Downloads\performance.csv
2017-07-13 11:48 - 2017-07-13 11:48 - 000000334 _____ C:\Users\jeff\Downloads\Upstart_Investor_Portfolio_20170712_Garoon.csv
2017-07-13 10:00 - 2017-07-13 10:00 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-07-13 09:59 - 2017-07-13 09:59 - 000000000 ____D C:\ProgramData\USOShared
2017-07-13 09:58 - 2017-07-13 09:58 - 000000020 ___SH C:\Users\jeff\ntuser.ini
2017-07-13 09:56 - 2017-07-13 09:56 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-07-13 09:56 - 2017-07-13 09:56 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-07-13 09:55 - 2017-07-30 17:06 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B6F1108-B3F3-4A8D-A0AE-0EFDC21431A1}
2017-07-13 09:55 - 2017-07-30 13:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-13 09:55 - 2017-07-30 10:48 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjeff
2017-07-13 09:55 - 2017-07-13 09:55 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-13 09:55 - 2017-07-13 09:55 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000003004 _____ C:\WINDOWS\System32\Tasks\WpsUpdateTask_Administrator
2017-07-13 09:55 - 2017-07-13 09:55 - 000003004 _____ C:\WINDOWS\System32\Tasks\WpsNotifyTask_Administrator
2017-07-13 09:55 - 2017-07-13 09:55 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002494 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2017-07-13 09:55 - 2017-07-13 09:55 - 000002422 _____ C:\WINDOWS\System32\Tasks\{54A390B0-EC5E-41D5-ACA9-28F7E1BCF737}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002356 _____ C:\WINDOWS\System32\Tasks\{B15D828F-7C60-4FFF-A6E2-3C76F5C5FF75}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002332 _____ C:\WINDOWS\System32\Tasks\{4FCD3F8C-0211-4EC0-9AE8-9A732873D8FB}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2017-07-13 09:55 - 2017-07-13 09:55 - 000002170 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
2017-07-13 09:55 - 2017-07-13 09:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-07-13 09:55 - 2017-07-13 09:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-07-13 09:53 - 2017-07-13 09:53 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-13 09:48 - 2017-07-30 13:12 - 000943268 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-13 09:48 - 2017-07-30 11:34 - 000000000 ____D C:\Users\jeff
2017-07-13 09:48 - 2017-07-30 11:02 - 001218836 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-07-13 09:48 - 2017-07-13 09:53 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-07-13 09:47 - 2017-07-30 13:11 - 000000000 ____D C:\ProgramData\NVIDIA
2017-07-13 09:47 - 2017-07-13 09:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-13 09:47 - 2017-07-13 09:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-07-13 09:47 - 2017-07-13 09:50 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-13 09:47 - 2017-07-13 09:50 - 000000000 ____D C:\Program Files\Common Files\logishrd
2017-07-13 09:47 - 2017-07-13 09:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-13 09:47 - 2017-07-13 09:47 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-07-13 09:47 - 2017-07-13 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-07-13 09:47 - 2017-07-13 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-07-13 09:47 - 2017-07-13 09:47 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-07-13 09:47 - 2017-07-13 09:47 - 000000000 ____D C:\Program Files\Realtek
2017-07-13 09:47 - 2017-05-18 00:55 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-07-13 09:47 - 2017-05-18 00:48 - 006437824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 002479736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 001762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 000548984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-07-13 09:47 - 2017-05-16 13:09 - 007993157 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-07-13 09:47 - 2017-03-18 15:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-07-13 09:46 - 2017-07-30 18:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-13 09:46 - 2017-07-30 11:29 - 000451960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-12 16:10 - 2017-07-12 16:44 - 000271360 _____ C:\Users\jeff\Downloads\Doppler Head.SLDPRT
2017-07-12 09:59 - 2017-07-12 09:59 - 000123870 _____ C:\Users\jeff\Downloads\4159136HAZ-01 Letter Report BR.PDF
2017-07-11 18:42 - 2017-07-11 18:42 - 000147067 _____ C:\Users\jeff\Downloads\_441f639884b4449fdcc212a2d8ed1b7c_aapl.csv
2017-07-11 18:33 - 2017-07-19 17:55 - 000001136 _____ C:\Users\jeff\Downloads\_58217c10deb55d59805ab8050cd390de_aapl_monthly-_2_.csv
2017-07-11 18:33 - 2017-07-14 12:04 - 000237225 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_msft.csv
2017-07-11 18:33 - 2017-07-11 18:33 - 000098787 _____ C:\Users\jeff\Downloads\_d54e93ebdf2971e11509d23595ca6209_xom.csv
2017-07-11 18:33 - 2017-07-11 18:33 - 000097383 _____ C:\Users\jeff\Downloads\_d54e93ebdf2971e11509d23595ca6209_tsla.csv
2017-07-11 18:33 - 2017-07-11 18:33 - 000093601 _____ C:\Users\jeff\Downloads\_d54e93ebdf2971e11509d23595ca6209_wfc.csv
2017-07-11 18:33 - 2017-07-11 18:33 - 000088236 _____ C:\Users\jeff\Downloads\_d54e93ebdf2971e11509d23595ca6209_ttm.csv
2017-07-11 18:32 - 2017-07-11 18:33 - 000110399 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_goog.csv
2017-07-11 18:32 - 2017-07-11 18:32 - 000120414 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_dji.csv
2017-07-11 18:32 - 2017-07-11 18:32 - 000109644 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_aapl.csv
2017-07-11 18:32 - 2017-07-11 18:32 - 000102836 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_bidu.csv
2017-07-11 18:32 - 2017-07-11 18:32 - 000099884 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_dis.csv
2017-07-11 18:32 - 2017-07-11 18:32 - 000097404 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_cop.csv
2017-07-11 17:11 - 2017-07-13 09:57 - 000000000 ___DC C:\WINDOWS\Panther
2017-07-11 17:03 - 2017-07-11 17:03 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Sun
2017-07-11 16:16 - 2017-07-11 16:16 - 000024784 _____ C:\Users\jeff\Downloads\_c18b1009f9adb18587d54dd9b97c1404_MODULE-4-NEW-PRODUCT-VENTURE---BASE-CASE.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-30 18:12 - 2016-10-08 10:25 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Skype
2017-07-30 13:08 - 2017-03-18 06:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-07-30 12:18 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-07-30 11:31 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-07-30 11:31 - 2016-11-21 13:26 - 1151974712 _____ C:\WINDOWS\MEMORY.DMP
2017-07-30 11:29 - 2016-10-15 19:11 - 000000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjeff.job
2017-07-30 11:15 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-07-30 11:12 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-30 11:11 - 2016-10-05 12:59 - 000000000 ____D C:\Users\jeff\AppData\Local\Packages
2017-07-30 11:10 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-07-30 11:10 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-07-27 19:28 - 2016-10-05 16:52 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-27 19:19 - 2016-10-05 18:19 - 000000000 ____D C:\Program Files (x86)\Google
2017-07-27 18:56 - 2017-04-14 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-27 18:56 - 2017-04-14 07:36 - 000000000 ____D C:\Program Files (x86)\Java
2017-07-27 18:55 - 2017-04-14 07:36 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-07-27 18:27 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-27 18:00 - 2016-10-05 13:02 - 000002367 _____ C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-27 18:00 - 2016-10-05 13:02 - 000000000 ___RD C:\Users\jeff\OneDrive
2017-07-27 17:42 - 2015-07-10 06:04 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_224
2017-07-27 17:36 - 2016-10-05 18:08 - 000032629 _____ C:\Users\jeff\quartus2.qreg
2017-07-26 11:15 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-26 11:15 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-07-26 11:11 - 2016-10-05 17:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-24 17:02 - 2016-10-05 18:11 - 000067256 _____ C:\Users\jeff\qms-bmh3.bmp
2017-07-24 17:02 - 2016-10-05 18:11 - 000067256 _____ C:\Users\jeff\qms-bmh2.bmp
2017-07-24 17:02 - 2016-10-05 18:11 - 000067256 _____ C:\Users\jeff\qms-bmh1.bmp
2017-07-24 17:02 - 2016-10-05 18:11 - 000009797 _____ C:\Users\jeff\quartus_web_rules_file.txt
2017-07-17 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-07-14 13:47 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-14 13:20 - 2017-01-05 15:05 - 000000000 ____D C:\Users\jeff\AppData\Local\atom
2017-07-14 13:20 - 2017-01-05 14:30 - 000002236 _____ C:\Users\jeff\Desktop\Atom.lnk
2017-07-14 13:20 - 2017-01-05 14:30 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-07-14 13:06 - 2016-10-08 10:22 - 000000000 ____D C:\Users\jeff\AppData\Local\ConnectedDevicesPlatform
2017-07-14 03:26 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-07-13 17:11 - 2017-05-22 10:33 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-13 12:46 - 2017-03-18 16:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-07-13 12:44 - 2017-03-18 16:06 - 000000000 ____D C:\WINDOWS\Setup
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-13 12:40 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-13 12:40 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-07-13 12:40 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-07-13 12:40 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-07-13 12:36 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-07-13 12:36 - 2017-03-18 15:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-07-13 12:36 - 2017-03-18 15:59 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-07-13 12:36 - 2017-03-18 15:59 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-07-13 09:59 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-07-13 09:58 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-13 09:58 - 2015-07-16 09:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-13 09:57 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-07-13 09:56 - 2017-03-18 21:31 - 000000000 ____D C:\WINDOWS\HoloShell
2017-07-13 09:56 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Registration
2017-07-13 09:56 - 2017-03-18 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-13 09:56 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-07-13 09:55 - 2017-03-18 16:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-07-13 09:55 - 2016-10-08 10:16 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-07-13 09:53 - 2017-06-18 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeidiSQL
2017-07-13 09:53 - 2017-06-18 11:51 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipc
2017-07-13 09:53 - 2017-05-17 18:38 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-07-13 09:53 - 2017-05-17 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-07-13 09:53 - 2017-04-05 16:22 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes
2017-07-13 09:53 - 2017-03-06 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2017-07-13 09:53 - 2017-01-05 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LLVM
2017-07-13 09:53 - 2017-01-05 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2017-07-13 09:53 - 2016-12-12 15:29 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flip 3.4.7
2017-07-13 09:53 - 2016-12-12 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atmel Studio 7.0
2017-07-13 09:53 - 2016-12-12 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2017-07-13 09:53 - 2016-12-12 14:43 - 000000000 ____D C:\WINDOWS\system32\1033
2017-07-13 09:53 - 2016-10-27 10:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-07-13 09:53 - 2016-10-19 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2016
2017-07-13 09:53 - 2016-10-18 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prusa3D
2017-07-13 09:53 - 2016-10-18 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-13 09:53 - 2016-10-17 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KiCad
2017-07-13 09:53 - 2016-10-17 15:27 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HART Analyzer
2017-07-13 09:53 - 2016-10-17 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABM Probe Gateway
2017-07-13 09:53 - 2016-10-09 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2017-07-13 09:53 - 2016-10-09 13:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-07-13 09:53 - 2016-10-09 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-07-13 09:53 - 2016-10-06 16:51 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2017-07-13 09:53 - 2016-10-06 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cura 2.1
2017-07-13 09:53 - 2016-10-06 13:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2012
2017-07-13 09:53 - 2016-10-05 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installation Manager
2017-07-13 09:53 - 2016-10-05 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-07-13 09:53 - 2016-10-05 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
2017-07-13 09:53 - 2016-10-05 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altera 16.0.0.211 Lite Edition
2017-07-13 09:53 - 2015-11-24 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 25 GB
2017-07-13 09:53 - 2015-11-24 10:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-07-13 09:53 - 2015-11-24 10:24 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-07-13 09:50 - 2017-06-09 10:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texas Instruments
2017-07-13 09:50 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-07-13 09:50 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-13 09:50 - 2017-03-16 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-07-13 09:50 - 2016-10-17 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eltima Software
2017-07-13 09:50 - 2016-10-09 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2017-07-13 09:50 - 2016-10-08 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2017-07-13 09:50 - 2016-10-08 10:02 - 000000000 ____D C:\Program Files\Intel
2017-07-13 09:50 - 2016-10-06 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2017-07-13 09:50 - 2016-10-05 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIGOL
2017-07-13 09:50 - 2016-10-05 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\cvirte
2017-07-13 09:50 - 2016-10-05 18:15 - 000000000 ____D C:\WINDOWS\system32\cvirte
2017-07-13 09:48 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-07-13 09:47 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Help
2017-07-13 09:47 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-07-12 16:47 - 2017-06-06 11:45 - 000686080 _____ C:\Users\jeff\Downloads\Doppler Mount.SLDASM
2017-07-12 16:47 - 2016-10-06 13:36 - 000000000 ____D C:\Users\jeff\AppData\Local\TempSWBackupDirectory
2017-07-12 16:34 - 2017-06-06 10:55 - 000278016 _____ C:\Users\jeff\Downloads\Doppler Mount Bottom.SLDPRT
2017-07-12 15:58 - 2016-10-05 17:05 - 000000000 ____D C:\Users\jeff\AppData\Roaming\SolidWorks
2017-07-12 15:58 - 2016-10-05 17:05 - 000000000 ____D C:\Users\jeff\AppData\Local\SolidWorks
2017-07-11 17:53 - 2016-10-25 14:06 - 000000000 ____D C:\Users\jeff\AppData\Local\Arduino15
2017-07-11 17:13 - 2016-10-05 16:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-11 17:04 - 2017-04-14 07:36 - 000000000 ____D C:\ProgramData\Oracle
2017-07-11 17:03 - 2017-04-14 07:36 - 000268864 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2017-07-11 16:57 - 2017-03-16 21:10 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-07-11 16:57 - 2017-01-05 14:04 - 000000000 ____D C:\ProgramData\Skype
2017-07-10 16:58 - 2017-05-17 18:38 - 000000000 ____D C:\Program Files\UNP
2017-07-10 16:55 - 2017-01-28 19:07 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-07-10 16:55 - 2017-01-28 19:07 - 000001035 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-07-10 16:55 - 2016-11-16 14:43 - 000000000 ____D C:\Users\jeff\AppData\Local\CrashDumps
2017-06-30 09:47 - 2017-03-18 16:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 09:47 - 2017-03-18 16:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-10-23 19:54 - 2016-10-23 19:54 - 000003943 _____ () C:\Users\jeff\AppData\Roaming\LTspiceXVII.ini
2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\jeff\AppData\Local\report
2016-10-13 16:22 - 2016-10-19 17:48 - 000000000 _____ () C:\Users\jeff\AppData\Local\Temptable.xml
2017-07-29 11:14 - 2017-07-29 11:14 - 000047527 _____ () C:\ProgramData\agent.1501344893.bdinstall.bin
2017-07-30 13:21 - 2017-07-30 13:21 - 000029170 _____ () C:\ProgramData\agent.1501438868.bdinstall.bin

Some files in TEMP:
====================
2017-07-30 10:43 - 2017-07-13 12:43 - 001930320 ____N (Microsoft Corporation) C:\Users\jeff\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-25 10:47

==================== End of FRST.txt ============================



#11 Aura


Posted 30 July 2017 - 09:03 PM

Almost done :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
How's your system behaving now? Are there any other issues to address?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 jgaro


Posted 31 July 2017 - 09:30 AM

System seems to be running well now.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-07-2017
Ran by jeff (31-07-2017 09:22:20) Run:1
Running from C:\Users\jeff\Desktop
Loaded Profiles: jeff (Available Profiles: jeff)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

DeleteKey: HKLM\SOFTWARE\Google\Chrome\Extension\nahhmpbckpgdidfnmfkfgiflpjijilce
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extension\nahhmpbckpgdidfnmfkfgiflpjijilce
DeleteKey: HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Google\Chrome\Extension\nahhmpbckpgdidfnmfkfgiflpjijilce
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extension\dofoafnmdocgkdphpkdooahjkhpmakjd

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

SearchScopes: HKU\S-1-5-21-651533093-3901169317-4024127600-1001 -> {FDC75619-E676-4845-AB13-8EA6B5A1959B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle

CHR DefaultSearchURL: Profile 1 -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSuggestURL: Profile 1 -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10

Task: {5623610D-4772-4161-8C95-4AF411D29373} - System32\Tasks\{4FCD3F8C-0211-4EC0-9AE8-9A732873D8FB} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\jeff\Downloads\hmusb_driver\CDM20814_Setup.exe -d C:\Users\jeff\Downloads\hmusb_driver
Task: {646CB90C-5802-484D-9AB2-39103E65DC56} - System32\Tasks\{B15D828F-7C60-4FFF-A6E2-3C76F5C5FF75} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\jeff\Downloads\hmusb_driver (2)\CDM20814_Setup.exe" -d "C:\Users\jeff\Downloads\hmusb_driver (2)"
Task: {C0973513-1711-4E91-8BA3-83956DF10FB1} - System32\Tasks\{54A390B0-EC5E-41D5-ACA9-28F7E1BCF737} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\jeff\Downloads\DRIVER-MK2-AS-6-7-W10\WindowsDriver\installer_x86.exe -d C:\Users\jeff\Downloads\DRIVER-MK2-AS-6-7-W10\WindowsDriver

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:40C12C39 [136]

HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "FZY0TH1RODH2PTC"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "b2etad00njr"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "qwloryzlg1v"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "r54ergwgkff"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "MO0OAEEHJ7EQ1NB"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "FAEF9Y41AAZF95F"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "OESGUNMQDE09M5Z"
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\StartupApproved\Run: => "1X26G4VXQBE0P5H"

C:\Program Files (x86)\Yahoo!
C:\Program Files (x86)\WeatherInspect
C:\Program Files\HSXXKV8BHI
C:\ProgramData\{91382281-3F89-4122-BFF2-72579BE400BB}
C:\ProgramData\boost_interprocess
C:\Users\jeff\AppData\Local\{64485214-40E0-3EAC-2D78-1B440910E7DC}
C:\Users\jeff\AppData\Local\aqedlyh
C:\Users\jeff\AppData\Local\gggatvei
C:\Users\jeff\AppData\Local\report
C:\Users\jeff\AppData\Roaming\c
C:\Users\jeff\AppData\Roaming\kkyjhkwnqtg
C:\Users\jeff\AppData\Roaming\li23iqhtpxt
C:\Users\jeff\AppData\Roaming\ygujmhkjsnc
C:\Users\jeff\AppData\Roaming\m5ux5gjac33
C:\Users\jeff\AppData\Roaming\Yahoo

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Google\Chrome\Extension\nahhmpbckpgdidfnmfkfgiflpjijilce => key not found.
HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extension\nahhmpbckpgdidfnmfkfgiflpjijilce => key not found.
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Google\Chrome\Extension\nahhmpbckpgdidfnmfkfgiflpjijilce => key not found.
HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extension\dofoafnmdocgkdphpkdooahjkhpmakjd => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDC75619-E676-4845-AB13-8EA6B5A1959B} => key removed successfully
HKLM\Software\Classes\CLSID\{FDC75619-E676-4845-AB13-8EA6B5A1959B} => key not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5623610D-4772-4161-8C95-4AF411D29373} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5623610D-4772-4161-8C95-4AF411D29373} => key removed successfully
C:\WINDOWS\System32\Tasks\{4FCD3F8C-0211-4EC0-9AE8-9A732873D8FB} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4FCD3F8C-0211-4EC0-9AE8-9A732873D8FB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{646CB90C-5802-484D-9AB2-39103E65DC56} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{646CB90C-5802-484D-9AB2-39103E65DC56} => key removed successfully
C:\WINDOWS\System32\Tasks\{B15D828F-7C60-4FFF-A6E2-3C76F5C5FF75} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B15D828F-7C60-4FFF-A6E2-3C76F5C5FF75} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0973513-1711-4E91-8BA3-83956DF10FB1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0973513-1711-4E91-8BA3-83956DF10FB1} => key removed successfully
C:\WINDOWS\System32\Tasks\{54A390B0-EC5E-41D5-ACA9-28F7E1BCF737} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{54A390B0-EC5E-41D5-ACA9-28F7E1BCF737} => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
C:\ProgramData\Temp => ":40C12C39" ADS removed successfully.
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\FZY0TH1RODH2PTC => value removed successfully
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FZY0TH1RODH2PTC => value not found.
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\b2etad00njr => value removed successfully
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\b2etad00njr => value not found.
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\qwloryzlg1v => value removed successfully
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\qwloryzlg1v => value not found.
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\r54ergwgkff => value removed successfully
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\r54ergwgkff => value not found.
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\MO0OAEEHJ7EQ1NB => value removed successfully
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MO0OAEEHJ7EQ1NB => value not found.
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\FAEF9Y41AAZF95F => value removed successfully
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FAEF9Y41AAZF95F => value not found.
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\OESGUNMQDE09M5Z => value removed successfully
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\OESGUNMQDE09M5Z => value not found.
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\1X26G4VXQBE0P5H => value removed successfully
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\1X26G4VXQBE0P5H => value not found.
C:\Program Files (x86)\Yahoo! => moved successfully
C:\Program Files (x86)\WeatherInspect => moved successfully
C:\Program Files\HSXXKV8BHI => moved successfully
C:\ProgramData\{91382281-3F89-4122-BFF2-72579BE400BB} => moved successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\Users\jeff\AppData\Local\{64485214-40E0-3EAC-2D78-1B440910E7DC} => moved successfully
C:\Users\jeff\AppData\Local\aqedlyh => moved successfully
C:\Users\jeff\AppData\Local\gggatvei => moved successfully
C:\Users\jeff\AppData\Local\report => moved successfully
C:\Users\jeff\AppData\Roaming\c => moved successfully
C:\Users\jeff\AppData\Roaming\kkyjhkwnqtg => moved successfully
C:\Users\jeff\AppData\Roaming\li23iqhtpxt => moved successfully
C:\Users\jeff\AppData\Roaming\ygujmhkjsnc => moved successfully
C:\Users\jeff\AppData\Roaming\m5ux5gjac33 => moved successfully
C:\Users\jeff\AppData\Roaming\Yahoo => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11298490 B
Java, Flash, Steam htmlcache => 1026 B
Windows/system/drivers => 786314 B
Edge => 42795945 B
Chrome => 147754319 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 4095285 B
LocalService => 828 B
NetworkService => 1083822 B
jeff => 694054777 B

RecycleBin => 8235 B
EmptyTemp: => 867.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 09:24:45 ====



#13 Aura


Posted 31 July 2017 - 10:47 AM

Good :) Run a new scan with FRST and provide me the FRST.txt log. It seems that some keys might be left behind.



#14 jgaro


Posted 31 July 2017 - 10:49 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-07-2017
Ran by jeff (administrator) on DESKTOP-EPH7TG4 (31-07-2017 10:47:50)
Running from C:\Users\jeff\Desktop
Loaded Profiles: jeff (Available Profiles: jeff)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\altera_lite\16.0\quartus\bin64\jtagserver.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Flux Software LLC) C:\Users\jeff\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(hxxp://www.ruby-lang.org/) C:\Users\jeff\AppData\Local\Temp\ocrFA3E.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\jeff\AppData\Local\Temp\ocr67DD.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2015-06-16] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\Run: [Akamai NetSession Interface] => C:\Users\jeff\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\Run: [f.lux] => C:\Users\jeff\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2016-10-05]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2016-10-05]
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{2fcf8639-e0ed-46d6-91fa-665b004bd02c}: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{3e4e88e7-41f5-46e5-9b9c-06cd9dbd4e80}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{409c4424-2194-4b0e-9e51-739a54b6243e}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{6816739f-4eea-4b43-9354-5ce1f495499d}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-651533093-3901169317-4024127600-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> {12451705-CE77-4F13-A163-711AE83B6CA2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-651533093-3901169317-4024127600-1001 -> {B1E6523D-C428-469A-8B51-90F856DC45E6} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-21] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-651533093-3901169317-4024127600-1001: jpl.nasa.gov/NASAEyes -> C:\Users\jeff\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-03-22] (Jet Propulsion Laboratory)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR DefaultSearchKeyword: Profile 1 -> Yahoo
CHR Profile: C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default [2017-07-31]
CHR Profile: C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-27]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-651533093-3901169317-4024127600-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-10-05] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 JTAGServer; C:\altera_lite\16.0\quartus\bin64\jtagserver.exe [309760 2016-04-27] () [File not signed]
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5157\wtoolex\wpsupdatesvr.exe [133480 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 LkCitadelServer; C:\windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
R2 lkTimeSync; C:\windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-11] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
R2 niLXIDiscovery; C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [236768 2013-11-22] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [176512 2013-06-19] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-12-10] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-06-16] (Realtek Semiconductor)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-10-06] (SolidWorks) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AlteraUSBBlaster; C:\WINDOWS\system32\drivers\usbblstr.sys [98160 2016-04-27] (FTDI Ltd.)
R3 atmelwindrvr; C:\WINDOWS\system32\drivers\atmelwindrvr.sys [300488 2015-08-12] (Jungo Connectivity)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-07-30] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-30] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-31] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-31] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-31] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-31] (Malwarebytes)
R1 MpKsl07912a23; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88001457-52FA-4F44-9E34-B2FEF50C4E71}\MpKsl07912a23.sys [44928 2017-07-31] (Microsoft Corporation)
S3 nidimk; C:\windows\system32\drivers\nidimkl.sys [12968 2012-01-27] (National Instruments Corporation)
S3 niorbk; C:\windows\system32\drivers\niorbkl.sys [12992 2012-06-28] (National Instruments Corporation)
S3 nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [13624 2012-12-19] (National Instruments Corporation)
R0 NIPALK; C:\WINDOWS\System32\drivers\nipalk.sys [926992 2012-12-19] (National Instruments Corporation)
S3 nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [13624 2012-12-19] (National Instruments Corporation)
R0 nipbcfk; C:\WINDOWS\System32\drivers\nipbcfk.sys [16984 2012-12-18] (National Instruments Corporation)
S3 NiViPciK; C:\WINDOWS\System32\drivers\NiViPciKl.sys [15200 2013-12-11] (National Instruments Corporation)
R2 NiViPxiK; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [15200 2013-12-11] (National Instruments Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7209bde3180ef5f7\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-06-01] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation                           )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 SIVDRIVER; C:\windows\system32\Drivers\SIVX64.sys [57312 2008-06-14] (Ray Hinchliffe)
R2 SPSniff; C:\Program Files\Eltima Software\Serial Port Monitor\SPSniff.sys [36512 2015-07-16] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-07-30] ()
S3 Usbtmc; C:\WINDOWS\System32\Drivers\ausbtmc.sys [24064 2013-10-07] (IVI Foundation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-31 09:22 - 2017-07-31 09:24 - 000010320 _____ C:\Users\jeff\Desktop\Fixlog.txt
2017-07-30 18:17 - 2017-07-30 18:17 - 000065754 _____ C:\Users\jeff\Desktop\Addition.txt
2017-07-30 18:16 - 2017-07-31 10:47 - 000025788 _____ C:\Users\jeff\Desktop\FRST.txt
2017-07-30 18:16 - 2017-07-31 10:47 - 000000000 ____D C:\FRST
2017-07-30 18:15 - 2017-07-30 18:15 - 002381312 _____ (Farbar) C:\Users\jeff\Desktop\FRST64.exe
2017-07-30 13:21 - 2017-07-30 13:21 - 000029170 _____ C:\ProgramData\agent.1501438868.bdinstall.bin
2017-07-30 13:10 - 2017-07-30 13:10 - 000000872 _____ C:\Users\jeff\Desktop\JRT.txt
2017-07-30 13:07 - 2017-07-30 13:07 - 001790024 _____ (Malwarebytes) C:\Users\jeff\Downloads\JRT.exe
2017-07-30 12:30 - 2017-07-31 09:25 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-30 12:30 - 2017-07-31 09:25 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-30 12:30 - 2017-07-31 09:25 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-30 12:29 - 2017-07-30 12:29 - 064025992 _____ (Malwarebytes ) C:\Users\jeff\Downloads\mb3-setup-1878.1878-3.1.2.1733-10139.exe
2017-07-30 12:00 - 2017-07-31 09:25 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-30 12:00 - 2017-07-30 12:35 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-30 12:00 - 2017-07-30 12:30 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-07-30 12:00 - 2017-07-30 12:12 - 000000000 ____D C:\Users\jeff\Desktop\mbar
2017-07-30 12:00 - 2017-07-30 12:00 - 016564750 _____ (Malwarebytes Corp.) C:\Users\jeff\Downloads\mbar-1.09.4.1001.exe
2017-07-30 11:38 - 2017-07-30 11:38 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\jeff\Downloads\rkill.exe
2017-07-30 11:36 - 2017-07-30 11:36 - 000002627 _____ C:\Users\jeff\Desktop\AdwCleaner[C0].txt
2017-07-30 11:33 - 2017-07-30 13:08 - 000000000 ____D C:\AdwCleaner
2017-07-30 11:29 - 2017-07-30 11:31 - 000000000 ____D C:\WINDOWS\Minidump
2017-07-30 11:29 - 2017-07-30 11:29 - 000451356 _____ C:\WINDOWS\Minidump\073017-9875-01.dmp
2017-07-30 11:22 - 2017-07-30 11:22 - 008162248 _____ (Malwarebytes) C:\Users\jeff\Downloads\AdwCleaner.exe
2017-07-30 11:20 - 2017-07-30 11:20 - 005198336 _____ (AVAST Software) C:\Users\jeff\Downloads\aswMBR.exe
2017-07-30 11:20 - 2017-07-30 11:20 - 000002451 _____ C:\Users\jeff\Desktop\FSS.txt
2017-07-30 11:19 - 2017-07-30 11:19 - 000899584 _____ (Farbar) C:\Users\jeff\Downloads\FSS.exe
2017-07-30 11:18 - 2017-07-30 11:19 - 004922400 _____ (AO Kaspersky Lab) C:\Users\jeff\Downloads\tdsskiller.exe
2017-07-30 11:07 - 2017-07-30 11:07 - 000003654 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-07-30 10:55 - 2017-07-30 10:55 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-EPH7TG4-Windows-10-Home-(64-bit).dat
2017-07-30 10:55 - 2017-07-30 10:55 - 000000000 ____D C:\RegBackup
2017-07-30 10:52 - 2017-07-30 10:52 - 000194500 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-07-30 10:52 - 2017-07-30 10:52 - 000003780 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-07-30 10:52 - 2017-07-30 10:52 - 000002239 _____ C:\Users\jeff\Desktop\Tweaking.com - Windows Repair.lnk
2017-07-30 10:52 - 2017-07-30 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-07-30 10:52 - 2017-07-30 10:52 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-07-30 10:48 - 2017-07-30 10:48 - 016563352 _____ (Malwarebytes Corp.) C:\Users\jeff\Downloads\mbar-1.09.3.1001.exe
2017-07-30 10:43 - 2017-07-30 10:43 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-30 10:43 - 2017-07-30 10:43 - 000000000 ____D C:\ProgramData\RogueKiller
2017-07-30 10:43 - 2017-07-30 10:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-30 10:43 - 2017-07-30 10:43 - 000000000 ____D C:\Program Files\RogueKiller
2017-07-30 10:41 - 2017-07-30 10:41 - 000000000 ____D C:\WINDOWS\ERDNT
2017-07-30 10:39 - 2017-07-30 11:39 - 000002814 _____ C:\Users\jeff\Desktop\Rkill.txt
2017-07-29 11:16 - 2017-07-29 11:20 - 000000000 ____D C:\Users\jeff\AppData\Local\AvgSetupLog
2017-07-29 11:16 - 2017-07-29 11:20 - 000000000 ____D C:\ProgramData\Avg
2017-07-29 11:16 - 2017-07-29 11:16 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\jeff\Downloads\AVG_Protection_Free_1606.exe
2017-07-29 11:16 - 2017-07-29 11:16 - 000000000 ____D C:\Users\jeff\AppData\Local\Avg
2017-07-29 11:14 - 2017-07-29 11:14 - 008465984 _____ C:\Users\jeff\Downloads\bitdefender_online.exe
2017-07-29 11:14 - 2017-07-29 11:14 - 000047527 _____ C:\ProgramData\agent.1501344893.bdinstall.bin
2017-07-29 11:14 - 2017-07-29 11:14 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-07-29 11:02 - 2017-07-29 11:02 - 000000000 ____D C:\WINDOWS\pss
2017-07-27 19:28 - 2017-07-27 19:28 - 044003024 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Windows-KB890830-x64-V5.50.exe
2017-07-27 19:16 - 2017-07-30 14:23 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-27 19:16 - 2017-07-30 12:30 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-27 19:16 - 2017-07-30 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-27 19:16 - 2017-07-30 12:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-27 19:16 - 2017-07-27 19:16 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-27 19:13 - 2017-07-27 19:16 - 000032887 _____ C:\Users\jeff\Desktop\mb-clean-results.txt
2017-07-27 18:47 - 2017-07-27 19:03 - 000000000 ____D C:\Users\jeff\AppData\Local\Deployment
2017-07-27 18:33 - 2017-07-27 18:33 - 065033984 _____ (Malwarebytes ) C:\Users\jeff\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-07-27 18:23 - 2017-07-27 18:23 - 006199800 _____ (Malwarebytes ) C:\Users\jeff\Downloads\Unconfirmed 861909.crdownload
2017-07-27 18:20 - 2017-07-27 18:22 - 006810504 _____ (Malwarebytes ) C:\Users\jeff\Downloads\Unconfirmed 103733.crdownload
2017-07-27 18:19 - 2017-07-27 18:20 - 065033984 _____ (Malwarebytes ) C:\Users\jeff\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-27 18:03 - 2017-07-27 18:24 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-07-27 18:03 - 2017-07-27 18:07 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-07-27 18:03 - 2017-07-27 18:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-07-27 18:00 - 2017-07-27 18:00 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-651533093-3901169317-4024127600-1001
2017-07-27 17:23 - 2017-07-27 19:13 - 2954291200 _____ C:\Users\jeff\Downloads\mathworks_matlab_r2013b.iso
2017-07-27 17:13 - 2017-07-27 17:13 - 000000000 ____D C:\Users\jeff\Downloads\MATLAB
2017-07-27 17:11 - 2017-07-27 19:13 - 000000000 ____D C:\Users\jeff\AppData\Roaming\uTorrent
2017-07-27 17:11 - 2017-07-27 17:11 - 000000902 _____ C:\Users\jeff\Desktop\µTorrent.lnk
2017-07-27 17:11 - 2017-07-27 17:11 - 000000882 _____ C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-07-27 17:10 - 2017-07-27 17:10 - 001733104 _____ (BitTorrent Inc.) C:\Users\jeff\Downloads\uTorrent.exe
2017-07-27 17:03 - 2017-06-15 17:02 - 005110348 _____ C:\Users\jeff\Downloads\Mathworks.Filter.Design.Hdl.Co.keygen.exe
2017-07-27 16:34 - 2017-07-27 16:34 - 000007051 _____ C:\Users\jeff\Documents\Book1.csv
2017-07-26 13:41 - 2017-07-26 13:41 - 000000900 _____ C:\Users\jeff\Documents\Footage Calculation.txt
2017-07-26 12:59 - 2017-07-26 12:59 - 006119631 _____ C:\Users\jeff\Documents\1YCF1UA.pdf
2017-07-26 12:57 - 2017-07-26 12:57 - 007649457 _____ C:\Users\jeff\Documents\838517040002.pdf
2017-07-26 12:54 - 2017-07-26 12:54 - 000076429 _____ C:\Users\jeff\Documents\jdr468p5wn.pdf
2017-07-26 12:53 - 2017-07-26 12:53 - 000278019 _____ C:\Users\jeff\Documents\2016HearingRulesProcedures.pdf
2017-07-26 12:53 - 2017-07-26 12:53 - 000198486 _____ C:\Users\jeff\Documents\Practical tips to win your property tax protest in Houston.html
2017-07-26 12:53 - 2017-07-26 12:53 - 000172667 _____ C:\Users\jeff\Documents\GTA-IAD-002_v012016.pdf
2017-07-26 12:53 - 2017-07-26 12:53 - 000125616 _____ C:\Users\jeff\Documents\GTA-IAD-001.pdf
2017-07-26 12:53 - 2017-07-26 12:53 - 000000000 ____D C:\Users\jeff\Documents\Practical tips to win your property tax protest in Houston_files
2017-07-26 12:49 - 2017-07-26 12:49 - 002114536 _____ C:\Users\jeff\Downloads\Taylor appraisal.pdf
2017-07-26 11:27 - 2017-07-26 11:27 - 002183099 _____ C:\Users\jeff\Downloads\RFIntrinsicSafety.pdf
2017-07-25 17:04 - 2017-07-25 17:04 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Subversion
2017-07-25 17:04 - 2017-07-25 17:04 - 000000000 ____D C:\Users\jeff\AppData\Local\MathWorks
2017-07-25 17:03 - 2017-07-27 16:51 - 000000000 ____D C:\Users\jeff\Documents\MATLAB
2017-07-25 17:03 - 2017-07-25 17:03 - 000000000 ____D C:\Users\jeff\AppData\Roaming\MathWorks
2017-07-25 16:29 - 2017-07-25 16:29 - 000000000 ____D C:\Program Files\MATLAB
2017-07-25 16:26 - 2017-07-25 16:27 - 092691288 _____ C:\Users\jeff\Downloads\matlab_R2017a_win64.exe
2017-07-25 16:21 - 2017-07-25 16:21 - 000219756 _____ C:\Users\jeff\Downloads\Comparison Tables UL 60079-11.pdf
2017-07-24 17:01 - 2017-07-24 17:02 - 054260969 _____ C:\Users\jeff\Downloads\stp2.stp
2017-07-24 15:52 - 2017-07-24 15:52 - 000074861 _____ C:\Users\jeff\Documents\certificate-of-earnings.pdf
2017-07-24 14:49 - 2017-07-24 14:49 - 000053492 _____ C:\Users\jeff\Downloads\Doppler Flow Meter Test Report-20170724.xlsx
2017-07-24 11:43 - 2017-07-24 11:43 - 000066702 _____ C:\Users\jeff\Downloads\Doppler PCB Troubleshooting.pdf
2017-07-22 11:42 - 2017-07-22 11:42 - 000000000 ____D C:\Users\jeff\AppData\Local\DBG
2017-07-21 14:21 - 2017-07-21 14:21 - 000076100 _____ C:\Users\jeff\Downloads\Proposal 4357 FlowCommand IP Testing.pdf
2017-07-20 10:35 - 2017-07-20 10:36 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Stamps.com Internet Postage
2017-07-20 10:35 - 2017-07-20 10:35 - 000001082 _____ C:\Users\Public\Desktop\Stamps.com.lnk
2017-07-20 10:35 - 2017-07-20 10:35 - 000000036 ____H C:\WINDOWS\SysWOW64\f9t.dat
2017-07-20 10:35 - 2017-07-20 10:35 - 000000000 ____D C:\Users\jeff\AppData\Local\Seven Zip
2017-07-20 10:35 - 2017-07-20 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
2017-07-20 10:35 - 2017-07-20 10:35 - 000000000 ____D C:\Program Files (x86)\Stamps.com Internet Postage
2017-07-20 10:12 - 2017-07-20 10:13 - 036808240 _____ (Stamps.com, Inc. ) C:\Users\jeff\Downloads\stamps.exe
2017-07-19 18:28 - 2017-07-19 18:28 - 000126732 _____ C:\Users\jeff\Downloads\Coursera Diversification.pdf
2017-07-19 17:33 - 2017-07-19 17:33 - 000039955 _____ C:\Users\jeff\Downloads\_b01664a045fe7720c1bf143fe3fef7a9_VBTLX-and-VFIAX-Monthly-Returns (1).xlsx
2017-07-18 15:54 - 2017-07-18 15:54 - 000667497 _____ C:\Users\jeff\Downloads\messages-1500411258984.csv
2017-07-18 15:44 - 2017-07-18 15:44 - 000687124 _____ C:\Users\jeff\Downloads\messages-1500410641432.csv
2017-07-18 15:36 - 2017-07-18 15:36 - 001889221 _____ C:\Users\jeff\Downloads\proving-liquid-ultrasonic-flowmeters-case-study.pdf
2017-07-18 15:36 - 2017-07-18 15:36 - 000595016 _____ C:\Users\jeff\Downloads\Proving Liquid Ultrasonic Flowmeters For Custody Transfer Measurement TPLS002.pdf
2017-07-18 12:05 - 2017-07-18 12:05 - 004625189 _____ C:\Users\jeff\Downloads\Loans_20160101to20170101_20170717T060057.zip
2017-07-18 12:05 - 2017-07-18 12:05 - 000000000 ____D C:\Users\jeff\Downloads\Loans_20160101to20170101_20170717T060057
2017-07-18 11:49 - 2017-07-18 11:49 - 000000844 _____ C:\Users\jeff\Downloads\Exco Scalar Edits - Sheet4 (1).csv
2017-07-18 11:45 - 2017-07-18 11:45 - 000000596 _____ C:\Users\jeff\Downloads\Exco Scalar Edits - Sheet4.csv
2017-07-18 10:39 - 2017-07-18 10:39 - 000001168 _____ C:\Users\jeff\Downloads\Voltaic Solar Power - Sheet1.csv
2017-07-17 17:01 - 2017-07-17 17:01 - 000039955 _____ C:\Users\jeff\Downloads\_b01664a045fe7720c1bf143fe3fef7a9_VBTLX-and-VFIAX-Monthly-Returns.xlsx
2017-07-17 15:31 - 2017-07-17 16:20 - 000181204 _____ C:\Users\jeff\Downloads\Petronac 5 Algorithm.xlsx
2017-07-17 14:34 - 2017-07-17 14:34 - 000000434 _____ C:\Users\jeff\Downloads\event.ics
2017-07-17 14:31 - 2017-07-17 14:31 - 000131696 _____ C:\Users\jeff\Documents\Houston water report.pdf
2017-07-17 12:25 - 2017-07-17 12:25 - 000050110 _____ C:\Users\jeff\Downloads\DM_Studio_Pricing.pdf
2017-07-17 11:28 - 2017-07-17 11:28 - 011810016 _____ C:\Users\jeff\Downloads\VID_20170716_015335.avi
2017-07-14 13:58 - 2017-07-14 13:58 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-07-14 13:58 - 2017-07-14 13:58 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-07-14 13:50 - 2017-07-14 13:50 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-07-14 13:50 - 2017-07-14 13:50 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-07-14 13:47 - 2017-07-27 19:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-14 13:47 - 2017-07-14 13:47 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-07-14 13:46 - 2017-07-14 13:46 - 004310328 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Setup.x86.en-us_O365HomePremRetail_OEMSMB_.exe
2017-07-14 13:38 - 2017-07-14 13:38 - 010277376 _____ C:\Users\jeff\Downloads\VB60SP6-KB2708437-x86-ENU.msi
2017-07-14 13:29 - 2017-07-14 13:29 - 005131978 _____ C:\Users\jeff\Downloads\OpenSolver2.8.6_LinearWin.zip
2017-07-14 13:25 - 2017-07-20 08:34 - 002132164 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_msft.xlsx
2017-07-14 13:10 - 2017-07-14 13:10 - 007058744 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Setup.X64.en-us_O365BusinessRetail_0f4ae330-f425-42fe-bf39-da2588152245_TX_PR_b_16_.exe
2017-07-14 13:10 - 2017-07-14 13:10 - 004310328 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Setup.X86.en-us_O365BusinessRetail_0f4ae330-f425-42fe-bf39-da2588152245_TX_PR_b_16_ (2).exe
2017-07-14 13:09 - 2017-07-14 13:09 - 004310328 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Setup.X86.en-us_O365BusinessRetail_0f4ae330-f425-42fe-bf39-da2588152245_TX_PR_b_16_ (1).exe
2017-07-14 13:08 - 2017-07-14 13:08 - 004310328 _____ (Microsoft Corporation) C:\Users\jeff\Downloads\Setup.X86.en-us_O365BusinessRetail_0f4ae330-f425-42fe-bf39-da2588152245_TX_PR_b_16_.exe
2017-07-14 12:21 - 2017-07-14 12:21 - 000147067 _____ C:\Users\jeff\Downloads\_441f639884b4449fdcc212a2d8ed1b7c_aapl (1).csv
2017-07-14 11:32 - 2017-07-14 11:32 - 000093601 _____ C:\Users\jeff\Downloads\_d54e93ebdf2971e11509d23595ca6209_wfc (1).csv
2017-07-14 10:07 - 2017-07-14 10:07 - 000039074 _____ C:\Users\jeff\Downloads\QSF 27-1-03 Rev 1.3 CTS US Certification and Listing Agreement.pdf
2017-07-14 09:58 - 2017-07-14 09:58 - 000123870 _____ C:\Users\jeff\Downloads\4159136HAZ-01 Letter Report BR (1).PDF
2017-07-13 18:05 - 2017-07-13 18:05 - 003479082 _____ C:\Users\jeff\Downloads\Sensor vs Pemex_Sepec.pptx
2017-07-13 12:43 - 2017-07-13 12:43 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-13 12:43 - 2017-07-13 12:43 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-13 12:43 - 2017-07-13 12:43 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-13 12:43 - 2017-07-13 12:43 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-13 12:43 - 2017-07-13 12:43 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-13 12:43 - 2017-07-13 12:43 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-13 12:43 - 2017-07-13 12:43 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-13 12:43 - 2017-07-13 12:43 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-13 12:43 - 2017-07-13 12:43 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-13 12:43 - 2017-07-13 12:43 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-13 12:43 - 2017-07-13 12:43 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-13 12:43 - 2017-07-13 12:43 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-13 12:43 - 2017-07-13 12:43 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-13 12:43 - 2017-07-13 12:43 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-13 12:43 - 2017-07-13 12:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-13 12:43 - 2017-07-13 12:43 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-13 12:43 - 2017-07-13 12:43 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-13 12:43 - 2017-07-13 12:43 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-13 12:43 - 2017-07-13 12:43 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 006726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 006535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 004709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 004672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 003135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 002625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 002085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 001003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-07-13 12:40 - 2017-07-13 12:40 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-07-13 12:40 - 2017-07-13 12:40 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-07-13 12:40 - 2017-07-13 12:40 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-07-13 12:40 - 2017-07-13 12:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-07-13 12:40 - 2017-07-13 12:40 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-07-13 12:40 - 2017-07-13 12:40 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-07-13 12:40 - 2017-07-13 12:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-07-13 12:40 - 2017-07-13 12:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-07-13 12:38 - 2017-07-13 12:38 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-07-13 12:38 - 2017-07-13 09:46 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-07-13 12:36 - 2017-07-13 12:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-07-13 12:36 - 2017-07-13 12:36 - 000000000 ____D C:\Program Files\MSBuild
2017-07-13 12:36 - 2017-07-13 12:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-07-13 12:36 - 2017-07-13 12:36 - 000000000 ____D C:\inetpub
2017-07-13 12:36 - 2017-07-13 09:50 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-07-13 12:36 - 2017-02-10 14:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-07-13 12:36 - 2017-02-10 14:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-07-13 12:36 - 2017-02-10 14:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-07-13 12:36 - 2017-02-10 14:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-07-13 12:36 - 2017-02-10 14:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-07-13 12:36 - 2017-02-10 14:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-07-13 12:35 - 2017-07-13 12:35 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-07-13 11:48 - 2017-07-13 11:48 - 004685083 _____ C:\Users\jeff\Downloads\performance.csv
2017-07-13 11:48 - 2017-07-13 11:48 - 000000334 _____ C:\Users\jeff\Downloads\Upstart_Investor_Portfolio_20170712_Garoon.csv
2017-07-13 10:00 - 2017-07-13 10:00 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-07-13 09:59 - 2017-07-13 09:59 - 000000000 ____D C:\ProgramData\USOShared
2017-07-13 09:58 - 2017-07-13 09:58 - 000000020 ___SH C:\Users\jeff\ntuser.ini
2017-07-13 09:56 - 2017-07-13 09:56 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-07-13 09:56 - 2017-07-13 09:56 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-07-13 09:55 - 2017-07-31 09:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-13 09:55 - 2017-07-31 09:22 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B6F1108-B3F3-4A8D-A0AE-0EFDC21431A1}
2017-07-13 09:55 - 2017-07-30 10:48 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjeff
2017-07-13 09:55 - 2017-07-13 09:55 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-13 09:55 - 2017-07-13 09:55 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000003004 _____ C:\WINDOWS\System32\Tasks\WpsUpdateTask_Administrator
2017-07-13 09:55 - 2017-07-13 09:55 - 000003004 _____ C:\WINDOWS\System32\Tasks\WpsNotifyTask_Administrator
2017-07-13 09:55 - 2017-07-13 09:55 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-13 09:55 - 2017-07-13 09:55 - 000002494 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2017-07-13 09:55 - 2017-07-13 09:55 - 000002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2017-07-13 09:55 - 2017-07-13 09:55 - 000002170 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
2017-07-13 09:55 - 2017-07-13 09:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-07-13 09:55 - 2017-07-13 09:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-07-13 09:53 - 2017-07-13 09:53 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-13 09:48 - 2017-07-31 09:29 - 000949658 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-13 09:48 - 2017-07-30 11:34 - 000000000 ____D C:\Users\jeff
2017-07-13 09:48 - 2017-07-30 11:02 - 001218836 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-07-13 09:48 - 2017-07-13 09:53 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-07-13 09:47 - 2017-07-31 09:28 - 000000000 ____D C:\ProgramData\NVIDIA
2017-07-13 09:47 - 2017-07-13 09:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-13 09:47 - 2017-07-13 09:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-07-13 09:47 - 2017-07-13 09:50 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-13 09:47 - 2017-07-13 09:50 - 000000000 ____D C:\Program Files\Common Files\logishrd
2017-07-13 09:47 - 2017-07-13 09:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-13 09:47 - 2017-07-13 09:47 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-07-13 09:47 - 2017-07-13 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-07-13 09:47 - 2017-07-13 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-07-13 09:47 - 2017-07-13 09:47 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-07-13 09:47 - 2017-07-13 09:47 - 000000000 ____D C:\Program Files\Realtek
2017-07-13 09:47 - 2017-05-18 00:55 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-07-13 09:47 - 2017-05-18 00:48 - 006437824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 002479736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 001762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 000548984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-07-13 09:47 - 2017-05-18 00:48 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-07-13 09:47 - 2017-05-16 13:09 - 007993157 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-07-13 09:47 - 2017-03-18 15:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-07-13 09:46 - 2017-07-31 10:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-13 09:46 - 2017-07-30 11:29 - 000451960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-12 16:10 - 2017-07-12 16:44 - 000271360 _____ C:\Users\jeff\Downloads\Doppler Head.SLDPRT
2017-07-12 09:59 - 2017-07-12 09:59 - 000123870 _____ C:\Users\jeff\Downloads\4159136HAZ-01 Letter Report BR.PDF
2017-07-11 18:42 - 2017-07-11 18:42 - 000147067 _____ C:\Users\jeff\Downloads\_441f639884b4449fdcc212a2d8ed1b7c_aapl.csv
2017-07-11 18:33 - 2017-07-19 17:55 - 000001136 _____ C:\Users\jeff\Downloads\_58217c10deb55d59805ab8050cd390de_aapl_monthly-_2_.csv
2017-07-11 18:33 - 2017-07-14 12:04 - 000237225 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_msft.csv
2017-07-11 18:33 - 2017-07-11 18:33 - 000098787 _____ C:\Users\jeff\Downloads\_d54e93ebdf2971e11509d23595ca6209_xom.csv
2017-07-11 18:33 - 2017-07-11 18:33 - 000097383 _____ C:\Users\jeff\Downloads\_d54e93ebdf2971e11509d23595ca6209_tsla.csv
2017-07-11 18:33 - 2017-07-11 18:33 - 000093601 _____ C:\Users\jeff\Downloads\_d54e93ebdf2971e11509d23595ca6209_wfc.csv
2017-07-11 18:33 - 2017-07-11 18:33 - 000088236 _____ C:\Users\jeff\Downloads\_d54e93ebdf2971e11509d23595ca6209_ttm.csv
2017-07-11 18:32 - 2017-07-11 18:33 - 000110399 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_goog.csv
2017-07-11 18:32 - 2017-07-11 18:32 - 000120414 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_dji.csv
2017-07-11 18:32 - 2017-07-11 18:32 - 000109644 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_aapl.csv
2017-07-11 18:32 - 2017-07-11 18:32 - 000102836 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_bidu.csv
2017-07-11 18:32 - 2017-07-11 18:32 - 000099884 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_dis.csv
2017-07-11 18:32 - 2017-07-11 18:32 - 000097404 _____ C:\Users\jeff\Downloads\_c6159646c4566d0145fba7a91f251330_cop.csv
2017-07-11 17:11 - 2017-07-13 09:57 - 000000000 ___DC C:\WINDOWS\Panther
2017-07-11 17:03 - 2017-07-11 17:03 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Sun
2017-07-11 16:16 - 2017-07-11 16:16 - 000024784 _____ C:\Users\jeff\Downloads\_c18b1009f9adb18587d54dd9b97c1404_MODULE-4-NEW-PRODUCT-VENTURE---BASE-CASE.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-31 10:44 - 2016-10-08 10:25 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Skype
2017-07-31 09:26 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-31 09:26 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-07-31 09:25 - 2017-03-18 06:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-07-31 09:22 - 2017-05-22 10:28 - 000000000 ____D C:\Users\jeff\AppData\LocalLow\Temp
2017-07-30 12:18 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-07-30 11:31 - 2016-11-21 13:26 - 1151974712 _____ C:\WINDOWS\MEMORY.DMP
2017-07-30 11:29 - 2016-10-15 19:11 - 000000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjeff.job
2017-07-30 11:15 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-07-30 11:11 - 2016-10-05 12:59 - 000000000 ____D C:\Users\jeff\AppData\Local\Packages
2017-07-30 11:10 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-07-30 11:10 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-07-27 19:28 - 2016-10-05 16:52 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-27 19:19 - 2016-10-05 18:19 - 000000000 ____D C:\Program Files (x86)\Google
2017-07-27 18:56 - 2017-04-14 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-27 18:56 - 2017-04-14 07:36 - 000000000 ____D C:\Program Files (x86)\Java
2017-07-27 18:55 - 2017-04-14 07:36 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-07-27 18:27 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-27 18:00 - 2016-10-05 13:02 - 000002367 _____ C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-27 18:00 - 2016-10-05 13:02 - 000000000 ___RD C:\Users\jeff\OneDrive
2017-07-27 17:42 - 2015-07-10 06:04 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_224
2017-07-27 17:36 - 2016-10-05 18:08 - 000032629 _____ C:\Users\jeff\quartus2.qreg
2017-07-26 11:15 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-26 11:15 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-07-26 11:11 - 2016-10-05 17:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-24 17:02 - 2016-10-05 18:11 - 000067256 _____ C:\Users\jeff\qms-bmh3.bmp
2017-07-24 17:02 - 2016-10-05 18:11 - 000067256 _____ C:\Users\jeff\qms-bmh2.bmp
2017-07-24 17:02 - 2016-10-05 18:11 - 000067256 _____ C:\Users\jeff\qms-bmh1.bmp
2017-07-24 17:02 - 2016-10-05 18:11 - 000009797 _____ C:\Users\jeff\quartus_web_rules_file.txt
2017-07-17 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-07-14 13:47 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-14 13:20 - 2017-01-05 15:05 - 000000000 ____D C:\Users\jeff\AppData\Local\atom
2017-07-14 13:20 - 2017-01-05 14:30 - 000002236 _____ C:\Users\jeff\Desktop\Atom.lnk
2017-07-14 13:20 - 2017-01-05 14:30 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-07-14 13:06 - 2016-10-08 10:22 - 000000000 ____D C:\Users\jeff\AppData\Local\ConnectedDevicesPlatform
2017-07-14 03:26 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-07-13 17:11 - 2017-05-22 10:33 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-13 12:46 - 2017-03-18 16:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-07-13 12:44 - 2017-03-18 16:06 - 000000000 ____D C:\WINDOWS\Setup
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-13 12:44 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-13 12:40 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-13 12:40 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-07-13 12:40 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-07-13 12:40 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-07-13 12:36 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-07-13 12:36 - 2017-03-18 15:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-07-13 12:36 - 2017-03-18 15:59 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-07-13 12:36 - 2017-03-18 15:59 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-07-13 12:36 - 2017-03-18 15:59 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-07-13 09:59 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-07-13 09:58 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-13 09:58 - 2015-07-16 09:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-13 09:57 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-07-13 09:56 - 2017-03-18 21:31 - 000000000 ____D C:\WINDOWS\HoloShell
2017-07-13 09:56 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Registration
2017-07-13 09:56 - 2017-03-18 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-13 09:56 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-07-13 09:55 - 2017-03-18 16:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-07-13 09:55 - 2016-10-08 10:16 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-07-13 09:53 - 2017-06-18 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeidiSQL
2017-07-13 09:53 - 2017-06-18 11:51 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipc
2017-07-13 09:53 - 2017-05-17 18:38 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-07-13 09:53 - 2017-05-17 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-07-13 09:53 - 2017-04-05 16:22 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes
2017-07-13 09:53 - 2017-03-06 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2017-07-13 09:53 - 2017-01-05 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LLVM
2017-07-13 09:53 - 2017-01-05 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2017-07-13 09:53 - 2016-12-12 15:29 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flip 3.4.7
2017-07-13 09:53 - 2016-12-12 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atmel Studio 7.0
2017-07-13 09:53 - 2016-12-12 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2017-07-13 09:53 - 2016-12-12 14:43 - 000000000 ____D C:\WINDOWS\system32\1033
2017-07-13 09:53 - 2016-10-27 10:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-07-13 09:53 - 2016-10-19 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2016
2017-07-13 09:53 - 2016-10-18 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prusa3D
2017-07-13 09:53 - 2016-10-18 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-13 09:53 - 2016-10-17 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KiCad
2017-07-13 09:53 - 2016-10-17 15:27 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HART Analyzer
2017-07-13 09:53 - 2016-10-17 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABM Probe Gateway
2017-07-13 09:53 - 2016-10-09 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2017-07-13 09:53 - 2016-10-09 13:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-07-13 09:53 - 2016-10-09 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-07-13 09:53 - 2016-10-06 16:51 - 000000000 ____D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2017-07-13 09:53 - 2016-10-06 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cura 2.1
2017-07-13 09:53 - 2016-10-06 13:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2012
2017-07-13 09:53 - 2016-10-05 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installation Manager
2017-07-13 09:53 - 2016-10-05 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-07-13 09:53 - 2016-10-05 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
2017-07-13 09:53 - 2016-10-05 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altera 16.0.0.211 Lite Edition
2017-07-13 09:53 - 2015-11-24 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 25 GB
2017-07-13 09:53 - 2015-11-24 10:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-07-13 09:53 - 2015-11-24 10:24 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-07-13 09:50 - 2017-06-09 10:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texas Instruments
2017-07-13 09:50 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-07-13 09:50 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-13 09:50 - 2017-03-16 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-07-13 09:50 - 2016-10-17 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eltima Software
2017-07-13 09:50 - 2016-10-09 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2017-07-13 09:50 - 2016-10-08 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2017-07-13 09:50 - 2016-10-08 10:02 - 000000000 ____D C:\Program Files\Intel
2017-07-13 09:50 - 2016-10-06 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2017-07-13 09:50 - 2016-10-05 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIGOL
2017-07-13 09:50 - 2016-10-05 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\cvirte
2017-07-13 09:50 - 2016-10-05 18:15 - 000000000 ____D C:\WINDOWS\system32\cvirte
2017-07-13 09:48 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-07-13 09:47 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Help
2017-07-13 09:47 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-07-12 16:47 - 2017-06-06 11:45 - 000686080 _____ C:\Users\jeff\Downloads\Doppler Mount.SLDASM
2017-07-12 16:47 - 2016-10-06 13:36 - 000000000 ____D C:\Users\jeff\AppData\Local\TempSWBackupDirectory
2017-07-12 16:34 - 2017-06-06 10:55 - 000278016 _____ C:\Users\jeff\Downloads\Doppler Mount Bottom.SLDPRT
2017-07-12 15:58 - 2016-10-05 17:05 - 000000000 ____D C:\Users\jeff\AppData\Roaming\SolidWorks
2017-07-12 15:58 - 2016-10-05 17:05 - 000000000 ____D C:\Users\jeff\AppData\Local\SolidWorks
2017-07-11 17:53 - 2016-10-25 14:06 - 000000000 ____D C:\Users\jeff\AppData\Local\Arduino15
2017-07-11 17:13 - 2016-10-05 16:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-11 17:04 - 2017-04-14 07:36 - 000000000 ____D C:\ProgramData\Oracle
2017-07-11 17:03 - 2017-04-14 07:36 - 000268864 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2017-07-11 16:57 - 2017-03-16 21:10 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-07-11 16:57 - 2017-01-05 14:04 - 000000000 ____D C:\ProgramData\Skype
2017-07-10 16:58 - 2017-05-17 18:38 - 000000000 ____D C:\Program Files\UNP
2017-07-10 16:55 - 2017-01-28 19:07 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-07-10 16:55 - 2017-01-28 19:07 - 000001035 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-07-10 16:55 - 2016-11-16 14:43 - 000000000 ____D C:\Users\jeff\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2016-10-23 19:54 - 2016-10-23 19:54 - 000003943 _____ () C:\Users\jeff\AppData\Roaming\LTspiceXVII.ini
2016-10-13 16:22 - 2016-10-19 17:48 - 000000000 _____ () C:\Users\jeff\AppData\Local\Temptable.xml
2017-07-29 11:14 - 2017-07-29 11:14 - 000047527 _____ () C:\ProgramData\agent.1501344893.bdinstall.bin
2017-07-30 13:21 - 2017-07-30 13:21 - 000029170 _____ () C:\ProgramData\agent.1501438868.bdinstall.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-25 10:47

==================== End of FRST.txt ============================



#15 Aura


Posted 31 July 2017 - 10:54 AM

I see what happened. Run this FRST fix.

Attached Files


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




