Hidden Rootkit / Bootkit in BIOS or Boot - HELP!



#1 SquidBoy02

Posted 15 August 2017 - 04:35 PM

Dear All,
 
 
First off...thank you for being the great resource that you are, BleepingComputer.com...I'd be lost without you. 
 
I'm unable to boot normally and am writing this from Safe Mode with Networking.  I have to power off, power on - 3x to produce the screen which allows me to get into Safe Mode...and it's a real P.I.T.A.
 
This is my second post, having been unable to find a solution with a previous posting.  The person helping me was great, and had me run several programs which sped up my system...but, alas, didn't find the offending source of the problem.
 
https://www.bleepingcomputer.com/forums/t/653293/i-think-ive-picked-up-a-rootkit-virus-or-worse-help/
 
I've contracted what I believe to be a Rootkit / Bootkit or Other, that "crashes" the system whenever I use a tool to detect and remove it (GMER, aswMBR, etc.) and it coincides with a Windows 10 Home Update to the latest Creator's Update v.1703.  Unsure if the update to Creator's had anything to do with it or if it was coincidental.
 
I've spent hours with Microsoft Level 2 techs, allowed them into the computer, and made attempts to: Reset Win 10 Home, Repair Win 10 Home, Reinstall Windows 10 Home from an ISO on a fresh USB during Boot-Up, as well as install LINUX MINT 18.2 from a DVD ISO and also USB ISO after making changes in the Boot Order in BIOS.  They've conferred while I waited, and their analysis is that the Hard Drive is at fault...or the Rootkit / Bootkit is holding up the Re-Install...and they want to wipe it.

I'm okay with that, but just in case it wasn't necessary, I decided to install a fresh HD and eliminate the connections of the other HD, and see if the Win 10 Home ISO would install?  No Joy.  I tried LINUX MINT 18.2, with 2 versions of ISO - DVD and Flash Drive - and the installer failed after initiating at about 15%...no reason.
 
*     *     *

Currently, I've enabled "Show Hidden Files & Folders" in Win 10 Home running in Safe Mode...am running Sophos Virus Removal Tool...and a few suspicious files have been found which I'll report before handling them.

 
Request - If there's a Rootkit / Bootkit / Other Expert in this forum, I could really use your help.  I've considered flashing the BIOS...removing the Motherboard Battery...unplugging the computer and removing Battery & All RAM, etc., etc.
 
Thank you, sincerely, for your time and help with this issue.  If it stumped the MS Level 2 Techs, I knew the BleepingComputer Gurus would be the source to tap.
 
Sincerely,
--S.B.


Edited by hamluis, 17 August 2017 - 09:33 AM.
Moved from MRL to Am I Infected - Hamluis. Moved back to log forum and merged topics. ~ OB



 


#2 SquidBoy02


Posted 16 August 2017 - 03:10 PM

This is a Re-Post in a more proper form, hopefully.  Description of Issue(s) is first, System Description next, FRST Logs next.
 
Issues:
 
My Win 10 Home system required an update and took over the computer on "shutdown" for 1.5 days to download and install...ultimately failing to update to Creator's Update v. 1703...causing Normal Boot to stall with the "spinning dots" for hours on end.  I can only boot into Safe Mode with Networking.  All Recoveries have failed with help from Microsoft Level 2 Techs (Win 10 Reset, ISO Install, etc., etc.) and they have suggested an HD problem.
 
I tried to install Win 10 Home ISO w/ MS Level 2 Techs from a DVD - Fail, and also Linux Mint 18.2 from a fresh USB - Fail, and then let them into the system to try and effect changes remotely - Fail.  They suspect a HD problem and wanted to wipe and re-install, but I had another new HD and opened the case and installed it w/ attempt to install Win 10 Home or Linux Mint 18.2 - Both Fail.
 
I suspect a Rootkit / Bootkit is hidden and thwarting any attempt to find it, or reinstall the system...but I'm not the expert, you all are.
 
*     *     *
 
System - New (6 Months):
 
ASUS G11CD Desktop
 
i7 Skylake CPU
ASUS MoBo
1 TB HD, Toshiba
16 GB Ram DDR4
nVidia GTX960 Video
Wireless Logitech Keyboard and Mouse M510
DVD Drive - All
USB 3.1 x 3
 
NO Modifications *except* New HD install when system failed to accept Win 10 Reset in an effort to install fresh to New HD.
 
*     *     *
 
FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-08-2017
Ran by Chris (administrator) on DESKTOP-TT96U0C (16-08-2017 11:48:12)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris & Test)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Chris\Desktop\FRSTx64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-06-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2110584 2017-07-11] (Logitech, Inc.)
HKLM\...\RunOnce: [Unattend0000000001{BDBA2598-FFDF-44BB-ACA0-C485734F561D}] => %windir%\System32\OEM\EnableModelName.cmd
HKLM\...\RunOnce: [Unattend0000000002{E18EF1E3-7619-4564-B52F-D76AF73B4D1E}] => %windir%\System32\OEM\Setup1.cmd
HKLM\...\RunOnce: [Unattend0000000004{BEA27276-D940-42E3-AA15-62F8904CB600}] => %windir%\System32\OEM\Setup3.cmd
HKLM\...\RunOnce: [Unattend0000000006{BA003FA0-C81A-4D8D-A16D-457AC405A355}] => %windir%\Panther\CleanIcon_Tool.cmd
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKLM\...\RunOnce: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => C:\ProgramData\cis681E.exe [4784320 2017-07-11] (COMODO)
HKLM\...\RunOnce: [811_13479801549542] => C:\Program Files (x86)\LMIR0002.tmp_r.bat [514 2017-08-11] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-152517617-1602392019-748697119-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-152517617-1602392019-748697119-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].tx
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
Tcpip\..\Interfaces\{fa7e5147-c4e7-49f4-8d5a-3f4bd9c613b0}: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-152517617-1602392019-748697119-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-152517617-1602392019-748697119-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: dvvqihha.default
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default [2017-08-16]
FF Homepage: Mozilla\Firefox\Profiles\dvvqihha.default -> hxxps://www.google.com/
FF Extension: (Disable Ads) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default\Extensions\@com.virtualjame.disableads.xpi [2017-08-03]
FF Extension: (SafeSearch Incognito) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default\Extensions\@sduixcjksd.xpi [2017-07-28]
FF Extension: (Firefox Search Test) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default\Extensions\firefoxsearchtest@mozilla.com.xpi [2017-07-13]
FF Extension: (FireShot) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-08-02]
FF Extension: (WOT) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2017-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-07-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-08-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-08-03] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2017-08-16]
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-13]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-13]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-13]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-13]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-07-26]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-13]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-13]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-13]
CHR Extension: (Chrome Media Router) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-19] (ASUS Cloud Corporation) [File not signed]
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] ()
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-15] (NVIDIA Corporation)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-15] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 402E7A16; C:\WINDOWS\System32\drivers\402E7A16.sys [478392 2017-07-26] (Kaspersky Lab ZAO)
S3 AiChargerDT; C:\Windows\SysWow64\drivers\AiChargerDT.sys [14880 2012-10-18] (ASUSTek Computer Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R0 assdv2; C:\WINDOWS\System32\DRIVERS\assdv2.sys [30040 2015-09-07] (ASUS)
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-08-05] ()
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvak.inf_amd64_791beb67a268df58\nvlddmkm.sys [14145584 2016-11-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-15] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-08-15] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek )
S3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [607488 2016-02-25] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 11:48 - 2017-08-16 11:48 - 000013306 _____ C:\Users\Chris\Desktop\FRST.txt
2017-08-16 11:43 - 2017-08-16 11:43 - 000000000 ____D C:\Users\Chris\Desktop\FRST-OlderVersion
2017-08-16 11:14 - 2017-08-16 11:39 - 000150308 _____ C:\TDSSKiller.3.1.0.15_16.08.2017_11.14.11_log.txt
2017-08-15 14:12 - 2017-08-15 14:13 - 000000000 ____D C:\Users\Chris\Desktop\CisReport_x64_v10.0.1.6258_20170805-163314
2017-08-15 14:10 - 2017-08-15 14:12 - 000000000 ____D C:\Users\Chris\Desktop\tweaking.com_registry_backup_portable
2017-08-15 13:45 - 2017-08-15 13:45 - 000000000 ____D C:\Users\Chris\AppData\Local\ESET
2017-08-15 13:44 - 2017-08-15 13:44 - 000781312 _____ C:\Users\Chris\Desktop\delfix_1.010.exe
2017-08-15 13:41 - 2017-08-15 13:41 - 035688304 _____ (Adlice Software ) C:\Users\Chris\Desktop\RogueKiller_setup.exe
2017-08-15 13:07 - 2017-08-15 13:07 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Chris\Desktop\esetonlinescanner_enu.exe
2017-08-15 12:23 - 2017-08-15 12:49 - 000287692 _____ C:\TDSSKiller.3.1.0.15_15.08.2017_12.23.33_log.txt
2017-08-15 09:29 - 2017-08-15 09:32 - 000002200 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2017-08-15 09:29 - 2017-08-15 09:29 - 000002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2017-08-15 09:29 - 2017-08-15 09:29 - 000000000 ____D C:\Program Files (x86)\Belarc
2017-08-14 09:59 - 2017-08-14 09:59 - 000000000 _____ C:\Users\Chris\Desktop\Results of GMER Scan - 08_14_2017.txt
2017-08-14 09:45 - 2017-08-14 09:45 - 338425856 _____ C:\Users\Chris\Desktop\Grover.iso
2017-08-13 12:25 - 2017-08-13 12:26 - 000035565 _____ C:\Users\Chris\Desktop\Addition.txt
2017-08-13 12:20 - 2017-08-16 11:48 - 000000000 ____D C:\FRST
2017-08-13 12:20 - 2017-08-16 11:43 - 002395648 _____ (Farbar) C:\Users\Chris\Desktop\FRSTx64.exe
2017-08-13 11:15 - 2017-07-31 18:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-13 11:15 - 2017-07-31 18:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-13 11:15 - 2017-07-31 18:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-13 11:15 - 2017-07-31 18:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-13 11:15 - 2017-07-31 18:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-13 11:15 - 2017-07-31 18:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-13 11:15 - 2017-07-31 18:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-13 11:15 - 2017-07-31 18:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-13 11:15 - 2017-07-31 18:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-13 11:15 - 2017-07-31 17:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-13 11:15 - 2017-07-31 17:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-13 11:15 - 2017-07-31 17:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-13 11:15 - 2017-07-31 17:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-13 11:15 - 2017-07-31 17:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-13 11:15 - 2017-07-31 17:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-13 11:15 - 2017-07-31 17:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-13 11:15 - 2017-07-31 17:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-13 11:15 - 2017-07-31 17:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-13 11:15 - 2017-07-31 17:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-08-13 11:15 - 2017-07-31 17:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-13 11:15 - 2017-07-31 17:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-13 11:15 - 2017-07-31 17:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-13 11:15 - 2017-07-31 17:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-13 11:15 - 2017-07-31 17:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-13 11:15 - 2017-07-31 17:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-13 11:15 - 2017-07-31 17:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-13 11:15 - 2017-07-31 17:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-13 11:15 - 2017-07-31 17:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-13 11:15 - 2017-07-31 17:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-13 11:15 - 2017-07-31 17:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-13 11:15 - 2017-07-31 17:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-13 11:15 - 2017-07-31 17:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-13 11:15 - 2017-07-31 17:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-13 11:15 - 2017-07-31 17:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-13 11:15 - 2017-07-31 17:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-13 11:15 - 2017-07-31 17:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-13 11:15 - 2017-07-31 17:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-13 11:15 - 2017-07-31 17:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-13 11:15 - 2017-07-31 17:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-13 11:15 - 2017-07-31 17:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-13 11:15 - 2017-07-31 17:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-13 11:15 - 2017-07-31 17:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-13 11:15 - 2017-07-31 17:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-13 11:15 - 2017-07-31 17:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-13 11:15 - 2017-07-31 17:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-13 11:15 - 2017-07-31 17:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-13 11:15 - 2017-07-31 17:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-13 11:15 - 2017-07-31 17:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-13 11:15 - 2017-07-31 17:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-13 11:15 - 2017-07-31 17:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-13 11:15 - 2017-07-31 17:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-13 11:15 - 2017-07-31 17:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-13 11:15 - 2017-07-31 17:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-13 11:15 - 2017-07-27 21:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-13 11:15 - 2017-07-27 21:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-13 11:15 - 2017-07-27 21:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-13 11:15 - 2017-07-27 21:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-13 11:15 - 2017-07-27 21:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-13 11:15 - 2017-07-27 21:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-13 11:15 - 2017-07-27 21:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-13 11:15 - 2017-07-27 21:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-13 11:15 - 2017-07-27 21:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-13 11:15 - 2017-07-27 21:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-13 11:15 - 2017-07-27 21:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-13 11:15 - 2017-07-27 21:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-13 11:15 - 2017-07-27 21:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-13 11:15 - 2017-07-27 21:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-13 11:15 - 2017-07-27 21:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-13 11:15 - 2017-07-27 21:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-13 11:15 - 2017-07-27 21:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-13 11:15 - 2017-07-27 21:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-13 11:15 - 2017-07-27 21:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-13 11:15 - 2017-07-27 21:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-13 11:15 - 2017-07-27 21:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-13 11:15 - 2017-07-27 21:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-13 11:15 - 2017-07-27 21:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-13 11:15 - 2017-07-27 21:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-13 11:15 - 2017-07-27 21:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-13 11:15 - 2017-07-27 21:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-13 11:15 - 2017-07-27 20:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-13 11:15 - 2017-07-27 20:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-13 11:15 - 2017-07-27 20:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-13 11:15 - 2017-07-27 20:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-13 11:15 - 2017-07-27 20:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-13 11:15 - 2017-07-27 20:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-13 11:15 - 2017-07-27 20:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-13 11:15 - 2017-07-27 20:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-13 11:15 - 2017-07-27 20:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-13 11:15 - 2017-07-27 20:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-13 11:15 - 2017-07-27 20:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-13 11:15 - 2017-07-27 20:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-13 11:15 - 2017-07-27 20:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-13 11:15 - 2017-07-27 20:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-08-13 11:15 - 2017-07-27 20:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2017-08-13 11:15 - 2017-07-27 20:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-13 11:15 - 2017-07-27 20:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-13 11:15 - 2017-07-27 20:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-13 11:15 - 2017-07-27 20:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-13 11:15 - 2017-07-27 20:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-13 11:15 - 2017-07-27 20:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-13 11:15 - 2017-07-27 20:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-13 11:15 - 2017-07-27 20:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-13 11:15 - 2017-07-27 20:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-13 11:15 - 2017-07-27 20:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-13 11:15 - 2017-07-27 20:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-13 11:15 - 2017-07-27 20:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-13 11:15 - 2017-07-27 20:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-13 11:15 - 2017-07-27 20:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-13 11:15 - 2017-07-27 20:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-13 11:15 - 2017-07-27 20:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-13 11:15 - 2017-07-27 20:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-13 11:15 - 2017-07-27 20:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-08-13 11:15 - 2017-07-27 20:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-13 11:15 - 2017-07-27 20:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-13 11:15 - 2017-07-27 20:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-13 11:15 - 2017-07-27 20:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-13 11:15 - 2017-07-27 20:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-13 11:15 - 2017-07-27 20:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-13 11:15 - 2017-07-27 20:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-13 11:15 - 2017-07-27 20:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-13 11:15 - 2017-07-27 20:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-13 11:15 - 2017-07-27 20:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-13 11:15 - 2017-07-27 20:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-13 11:15 - 2017-07-27 20:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-13 11:15 - 2017-07-27 20:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-13 11:15 - 2017-07-27 20:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-13 11:15 - 2017-07-27 20:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-13 11:15 - 2017-07-27 20:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-13 11:15 - 2017-07-27 20:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-13 11:15 - 2017-07-27 20:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-13 11:15 - 2017-07-27 20:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-13 11:15 - 2017-07-27 20:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-13 11:15 - 2017-07-27 20:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-13 11:15 - 2017-07-27 20:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-13 11:15 - 2017-07-27 20:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-13 11:15 - 2017-07-27 20:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-13 11:15 - 2017-07-27 20:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-13 11:15 - 2017-07-27 20:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-13 11:15 - 2017-07-27 20:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-13 11:15 - 2017-07-27 20:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-13 11:15 - 2017-07-27 20:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-13 11:15 - 2017-07-27 20:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-13 11:15 - 2017-07-27 20:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-13 11:15 - 2017-07-27 20:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-13 11:15 - 2017-07-27 20:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-13 11:15 - 2017-07-27 20:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-13 11:15 - 2017-07-27 20:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-13 11:15 - 2017-07-27 20:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-13 11:15 - 2017-07-27 20:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-13 11:15 - 2017-07-27 20:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-13 11:15 - 2017-07-27 20:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-13 11:15 - 2017-07-27 20:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-13 11:15 - 2017-07-27 20:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-13 11:15 - 2017-07-27 20:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-13 11:15 - 2017-07-27 20:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-13 11:15 - 2017-07-27 20:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-13 11:15 - 2017-07-27 20:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-13 11:15 - 2017-07-27 20:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-13 11:15 - 2017-07-27 20:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-13 11:15 - 2017-07-27 20:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-13 11:15 - 2017-07-27 20:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-13 11:15 - 2017-07-27 20:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-13 11:15 - 2017-07-27 20:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-13 11:15 - 2017-07-27 20:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-13 11:15 - 2017-07-27 20:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-13 09:22 - 2017-08-14 07:55 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-13 09:21 - 2017-08-14 07:55 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-08-13 09:20 - 2017-08-15 16:56 - 000000000 ____D C:\Users\Chris\Desktop\SmitfraudFix
2017-08-13 09:20 - 2017-08-14 06:59 - 000002523 _____ C:\rapport.txt
2017-08-13 09:20 - 2017-08-14 06:59 - 000000214 _____ C:\WINDOWS\SysWOW64\tmp.reg
2017-08-13 09:20 - 2017-08-14 06:59 - 000000000 _____ C:\WINDOWS\SysWOW64\tmp.txt
2017-08-13 09:20 - 2009-06-02 11:17 - 000075776 _____ C:\WINDOWS\SysWOW64\WS2Fix.exe
2017-08-13 09:20 - 2008-12-12 01:57 - 000078336 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\Agent.OMZ.Fix.exe
2017-08-13 09:20 - 2008-11-29 18:58 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.C.exe
2017-08-13 09:20 - 2008-10-01 15:51 - 000087552 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\VACFix.exe
2017-08-13 09:20 - 2008-09-20 12:45 - 000080384 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\o4Patch.exe
2017-08-13 09:20 - 2008-08-18 12:19 - 000082432 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\404Fix.exe
2017-08-13 09:20 - 2008-05-18 21:40 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.exe
2017-08-13 09:20 - 2007-09-06 00:22 - 000289144 _____ (S!Ri) C:\WINDOWS\SysWOW64\VCCLSID.exe
2017-08-13 09:20 - 2006-12-01 06:20 - 000079360 _____ (SteelWerX) C:\WINDOWS\SysWOW64\swxcacls.exe
2017-08-13 09:20 - 2006-08-29 19:43 - 000135168 _____ (SteelWerX) C:\WINDOWS\SysWOW64\swreg.exe
2017-08-13 09:20 - 2006-04-27 17:49 - 000288417 _____ (S!Ri) C:\WINDOWS\SysWOW64\SrchSTS.exe
2017-08-13 09:20 - 2006-01-09 10:36 - 000040960 _____ C:\WINDOWS\SysWOW64\swsc.exe
2017-08-13 09:20 - 2004-07-31 18:50 - 000051200 _____ C:\WINDOWS\SysWOW64\dumphive.exe
2017-08-13 09:00 - 2017-08-13 09:08 - 1587609600 _____ C:\Users\Chris\Desktop\ubuntu-16.04.3-desktop-amd64.iso
2017-08-13 06:16 - 2017-08-13 06:16 - 000006339 _____ C:\Users\Chris\Desktop\hijackthis_logfile_08_13_2017
2017-08-13 06:10 - 2017-08-13 06:11 - 000156774 _____ C:\TDSSKiller.3.1.0.15_13.08.2017_06.10.12_log.txt
2017-08-13 05:55 - 2017-08-13 06:11 - 000000872 _____ C:\Users\Chris\Desktop\Install Kaspersky Anti-Virus version .lnk
2017-08-13 05:52 - 2017-08-13 05:52 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Chris\Desktop\tdsskiller.exe
2017-08-11 14:17 - 2017-08-11 14:18 - 000156048 _____ C:\TDSSKiller.3.1.0.15_11.08.2017_14.17.46_log.txt
2017-08-11 14:13 - 2017-08-11 14:13 - 000388608 _____ (Trend Micro Inc.) C:\Users\Chris\Desktop\HijackThis.exe
2017-08-11 13:59 - 2017-08-11 13:59 - 000000706 _____ C:\Program Files (x86)\LMIR0002.tmp.bat
2017-08-11 13:59 - 2017-08-11 13:59 - 000000514 _____ C:\Program Files (x86)\LMIR0002.tmp_r.bat
2017-08-11 10:49 - 2017-08-11 10:49 - 000000000 ____D C:\$WINDOWS.~LS
2017-08-11 10:26 - 2017-08-11 10:26 - 3638820864 _____ C:\Users\Test\Desktop\Windows.iso
2017-08-11 10:26 - 2017-08-11 10:26 - 000961144 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Test\Downloads\rufus-2.16 (1).exe
2017-08-11 10:20 - 2017-08-11 10:20 - 018357776 _____ (Microsoft Corporation) C:\Users\Test\Downloads\MediaCreationTool.exe
2017-08-11 10:20 - 2017-08-11 10:20 - 000000000 ___HD C:\$Windows.~WS
2017-08-11 10:02 - 2017-08-11 10:02 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-08-11 10:01 - 2017-08-11 10:35 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-08-11 09:53 - 2017-08-11 09:53 - 000961144 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Test\Downloads\rufus-2.16.exe
2017-08-11 09:53 - 2017-08-11 09:53 - 000000000 ____D C:\Users\Test\AppData\Roaming\WebStorage
2017-08-11 09:52 - 2017-08-11 10:26 - 000000000 ____D C:\Users\Test\AppData\Local\Google
2017-08-11 09:19 - 2017-08-16 05:15 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-11 08:58 - 2017-08-11 08:58 - 000000000 ____D C:\Users\Test\AppData\Roaming\Macromedia
2017-08-11 08:57 - 2017-08-11 08:57 - 000000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2017-08-11 08:44 - 2017-08-11 09:19 - 000000000 ____D C:\Users\Test\AppData\Local\packages
2017-08-11 08:42 - 2017-08-12 10:26 - 000000000 ____D C:\Users\Test\AppData\Local\CrashDumps
2017-08-11 08:42 - 2017-08-11 08:42 - 000001321 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AEGIS_II_AsToastHelper.lnk
2017-08-11 08:42 - 2017-08-11 08:42 - 000000020 ___SH C:\Users\Test\ntuser.ini
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test\Documents\AEGIS II
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test\AppData\Local\TileDataLayer
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test\AppData\Local\DBG
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test\AppData\Local\ConnectedDevicesPlatform
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test\AppData\Local\ASUS
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test
2017-08-11 08:40 - 2017-08-11 09:16 - 000003654 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-08-11 08:34 - 2017-08-13 07:45 - 000000000 ____D C:\WINDOWS\pss
2017-08-11 08:33 - 2017-08-11 15:54 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2017-08-11 08:33 - 2017-08-11 13:59 - 000000000 ____D C:\Users\Chris\AppData\Local\LogMeIn Rescue Applet
2017-08-11 08:33 - 2017-08-11 08:33 - 000002297 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support.lnk
2017-08-11 06:47 - 2017-08-11 06:52 - 000000216 _____ C:\Users\Chris\Desktop\Windows 10 Home - ProduKey.txt
2017-08-11 06:45 - 2017-08-11 06:52 - 000000000 ____D C:\Users\Chris\Desktop\produkey-x64
2017-08-10 07:29 - 2017-08-10 07:29 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Sync App Settings
2017-08-09 10:51 - 2017-08-09 10:51 - 000000488 _____ C:\WINDOWS\Tasks\DriverMax Notification.job
2017-08-09 10:51 - 2017-08-09 10:51 - 000000000 ____D C:\Users\Chris\My Drivers
2017-08-09 10:50 - 2017-08-09 10:50 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Innovative Solutions
2017-08-09 10:50 - 2017-08-09 10:50 - 000000000 ____D C:\Users\Chris\AppData\Local\Innovative Solutions
2017-08-09 10:50 - 2017-08-09 10:50 - 000000000 ____D C:\My Drivers
2017-08-09 10:42 - 2017-08-09 10:42 - 000000000 ____D C:\Users\Public\Thunder Network
2017-08-09 10:42 - 2017-08-09 10:42 - 000000000 ____D C:\ProgramData\Thunder Network
2017-08-09 10:41 - 2017-08-09 10:50 - 000000000 ____D C:\Program Files (x86)\OSTotoSoft
2017-08-09 10:41 - 2017-08-09 10:41 - 012175000 _____ (OSToto Co., Ltd.) C:\Users\Chris\Desktop\DriverTalent_setup.exe
2017-08-09 10:41 - 2017-08-09 10:41 - 000000000 ____D C:\Users\Chris\AppData\Roaming\DriverTalent
2017-08-09 10:41 - 2017-08-09 10:41 - 000000000 ____D C:\ProgramData\DriverTalent
2017-08-09 10:41 - 2017-08-09 10:41 - 000000000 ____D C:\OSTotoFolder
2017-08-08 20:58 - 2017-08-08 20:59 - 000000000 ____D C:\Users\Chris\AppData\Roaming\EAC
2017-08-08 20:58 - 2017-08-08 20:58 - 000001146 _____ C:\Users\Public\Desktop\Exact Audio Copy.lnk
2017-08-08 20:58 - 2017-08-08 20:58 - 000000000 ____D C:\Users\Chris\AppData\Roaming\AccurateRip
2017-08-08 20:58 - 2017-08-08 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2017-08-08 20:58 - 2017-08-08 20:58 - 000000000 ____D C:\Program Files (x86)\Exact Audio Copy
2017-08-08 16:05 - 2017-08-08 17:00 - 000028973 _____ C:\Users\Chris\Desktop\MTB.txt
2017-08-08 16:03 - 2017-08-08 16:03 - 000000555 _____ C:\Users\Chris\Desktop\JRT.txt
2017-08-07 13:02 - 2017-08-07 13:08 - 334098432 _____ C:\Users\Chris\Desktop\kav_rescue_10.iso
2017-08-07 12:59 - 2017-08-07 12:59 - 005200384 _____ (AVAST Software) C:\Users\Chris\Desktop\aswmbr.exe
2017-08-07 12:58 - 2017-08-07 12:58 - 000380928 _____ C:\Users\Chris\Desktop\iexplore.exe.exe
2017-08-07 11:46 - 2017-08-07 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2017-08-07 11:27 - 2017-08-07 11:27 - 019733696 _____ (Microsoft Corporation) C:\Users\Chris\Desktop\MediaCreationToolx64.exe
2017-08-07 10:03 - 2017-08-07 10:16 - 000000000 ___HD C:\$SysReset
2017-08-07 09:34 - 2017-08-07 09:34 - 044003024 _____ (Microsoft Corporation) C:\Users\Chris\Desktop\Windows-KB890830-x64-V5.50.exe
2017-08-06 06:12 - 2017-08-06 06:12 - 000000416 _____ C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2017-08-06 06:12 - 2017-07-11 12:41 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-08-06 06:12 - 2017-07-11 12:36 - 004784320 _____ (COMODO) C:\ProgramData\cis681E.exe
2017-08-06 06:07 - 2017-08-06 06:07 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2017-08-06 06:07 - 2017-08-06 06:07 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-08-06 05:58 - 2017-08-15 09:57 - 000000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2017-08-05 16:38 - 2017-08-05 16:38 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IM-Magic Partition Resizer Free
2017-08-05 16:09 - 2017-08-05 16:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-08-05 15:45 - 2017-08-06 06:14 - 000000000 ____D C:\Program Files (x86)\Comodo
2017-08-05 15:45 - 2017-08-06 06:08 - 000000000 ____D C:\Users\Chris\AppData\Local\Comodo
2017-08-05 15:43 - 2017-08-06 06:14 - 000000000 ____D C:\ProgramData\Comodo
2017-08-05 15:43 - 2017-08-05 15:43 - 000000000 ____D C:\ProgramData\Shared Space
2017-08-05 15:43 - 2017-08-05 15:43 - 000000000 ____D C:\ProgramData\Comodo Downloader
2017-08-04 18:55 - 2017-08-04 18:55 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2017-08-04 18:55 - 2017-08-04 18:55 - 000000000 ____D C:\Program Files\Unlocker
2017-08-04 12:22 - 2017-08-04 12:22 - 243020056 _____ (Sophos Limited) C:\Users\Chris\Desktop\SophosInstall.exe
2017-08-04 11:19 - 2017-08-14 09:50 - 000000000 ____D C:\Users\Chris\Desktop\gmer
2017-08-04 11:14 - 2017-08-04 20:49 - 000000000 ____D C:\ProgramData\Sophos
2017-08-04 11:13 - 2017-08-04 20:48 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-08-04 11:13 - 2017-08-04 11:13 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-08-04 11:13 - 2017-08-04 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-08-04 07:27 - 2017-08-04 07:28 - 000003543 _____ C:\Users\Chris\Desktop\Bleeping Computer - Broni Help.txt
2017-08-04 07:26 - 2017-08-04 07:26 - 173494704 _____ (Sophos Limited) C:\Users\Chris\Desktop\Sophos Virus Removal Tool.exe
2017-08-04 07:26 - 2017-08-04 07:26 - 001790024 _____ (Malwarebytes) C:\Users\Chris\Desktop\Junkware Removal Tool.exe
2017-08-04 07:25 - 2017-08-04 07:25 - 008185288 _____ (Malwarebytes) C:\Users\Chris\Desktop\AdwCleaner.exe
2017-08-04 07:25 - 2017-08-04 07:25 - 000448512 _____ (OldTimer Tools) C:\Users\Chris\Desktop\Temp File Cleaner.exe
2017-08-03 14:08 - 2015-06-30 21:33 - 004506840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-08-03 14:08 - 2015-06-30 20:17 - 002897741 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-08-03 14:08 - 2015-06-30 19:36 - 001748696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-08-03 14:08 - 2015-06-30 16:04 - 000184688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-08-03 14:08 - 2015-06-30 15:10 - 002931416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-08-03 14:08 - 2015-06-30 15:10 - 002585816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2017-08-03 14:08 - 2015-06-26 20:10 - 001310936 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-08-03 14:08 - 2015-06-25 17:43 - 002461528 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2017-08-03 14:08 - 2015-06-25 17:43 - 002393432 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2017-08-03 14:08 - 2015-06-24 23:41 - 000944984 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2017-08-03 14:08 - 2015-06-24 23:41 - 000349528 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-08-03 14:08 - 2015-06-22 14:43 - 002702552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-08-03 14:08 - 2015-06-17 14:45 - 003234520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-08-03 14:08 - 2015-06-11 19:40 - 003157796 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2017-08-03 14:08 - 2015-06-10 13:20 - 003129672 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2017-08-03 14:08 - 2015-06-10 13:20 - 000728392 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2017-08-03 14:08 - 2015-06-09 11:17 - 005708736 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2017-08-03 14:08 - 2015-06-02 19:25 - 001576976 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-08-03 14:08 - 2015-05-25 15:18 - 003195416 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2017-08-03 14:08 - 2015-05-15 19:27 - 002918104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-08-03 14:08 - 2015-05-11 18:53 - 012996528 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2017-08-03 14:08 - 2015-05-11 13:08 - 001374640 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2017-08-03 14:08 - 2015-05-11 13:08 - 001192368 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2017-08-03 14:08 - 2015-05-11 13:08 - 001145264 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2017-08-03 14:08 - 2015-05-11 13:08 - 000980400 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2017-08-03 14:08 - 2015-04-27 16:09 - 000328816 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2017-08-03 14:08 - 2015-04-24 05:42 - 000858256 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-08-03 14:08 - 2015-04-24 05:42 - 000684176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-08-03 14:08 - 2015-04-24 05:42 - 000435856 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-08-03 14:08 - 2015-04-24 05:41 - 000555664 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2017-08-03 14:08 - 2015-04-13 16:25 - 003262184 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2017-08-03 14:08 - 2015-02-05 17:48 - 012834736 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2017-08-03 14:08 - 2015-02-05 17:48 - 002789808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2017-08-03 14:08 - 2015-02-04 00:38 - 001413776 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-08-03 14:08 - 2015-02-04 00:38 - 000454288 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-08-03 14:08 - 2015-02-04 00:38 - 000369296 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-08-03 14:08 - 2015-02-04 00:38 - 000329360 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-08-03 14:08 - 2015-02-04 00:38 - 000329360 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-08-03 14:08 - 2015-01-23 18:16 - 000213432 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaemaxapo64.dll
2017-08-03 14:08 - 2015-01-19 18:10 - 072113152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-08-03 14:08 - 2014-12-11 08:10 - 001104040 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-08-03 14:08 - 2014-12-11 08:10 - 000943784 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-08-03 14:08 - 2014-12-11 08:10 - 000734376 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-08-03 14:08 - 2014-12-11 08:10 - 000250536 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-08-03 14:08 - 2014-12-09 07:42 - 006255888 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2017-08-03 14:08 - 2014-12-09 07:42 - 001933584 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2017-08-03 14:08 - 2014-12-09 07:42 - 000349968 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2017-08-03 14:08 - 2014-12-09 07:42 - 000298768 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2017-08-03 14:08 - 2014-11-11 13:44 - 000631000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-08-03 14:08 - 2014-10-24 10:12 - 005234952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2017-08-03 14:08 - 2014-10-24 10:12 - 000995120 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2017-08-03 14:08 - 2014-09-24 11:31 - 007087448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-08-03 14:08 - 2014-09-24 11:31 - 001939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-08-03 14:08 - 2014-09-24 11:31 - 000315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-08-03 14:08 - 2014-09-24 11:31 - 000261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-08-03 14:08 - 2014-06-17 19:17 - 000856992 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-08-03 14:08 - 2014-06-09 10:59 - 000560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-08-03 14:08 - 2014-05-22 16:24 - 000096568 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-08-03 14:08 - 2014-04-10 12:19 - 002101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2017-08-03 14:08 - 2014-04-10 12:19 - 002041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2017-08-03 14:08 - 2014-02-27 20:02 - 002162992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2017-08-03 14:08 - 2014-01-31 17:27 - 001313904 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2017-08-03 14:08 - 2013-10-11 12:47 - 000113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-08-03 14:08 - 2013-10-11 11:31 - 000947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-08-03 14:08 - 2013-10-07 00:26 - 000501184 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2017-08-03 14:08 - 2013-10-07 00:26 - 000487360 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2017-08-03 14:08 - 2013-10-07 00:26 - 000415680 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2017-08-03 14:08 - 2013-08-14 15:36 - 000662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2017-08-03 14:08 - 2013-08-14 15:35 - 000663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2017-08-03 14:08 - 2013-07-23 15:39 - 014048512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2017-08-03 14:08 - 2013-07-23 15:39 - 000922880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2017-08-03 14:08 - 2013-06-25 12:47 - 000871856 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2017-08-03 14:08 - 2013-06-25 12:47 - 000162224 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2017-08-03 14:08 - 2013-06-25 12:46 - 000582056 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2017-08-03 14:08 - 2013-06-21 11:01 - 000109848 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-08-03 14:08 - 2013-04-03 14:13 - 000906800 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2017-08-03 14:08 - 2012-08-31 19:18 - 007164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-08-03 14:08 - 2012-08-31 19:17 - 000434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-08-03 14:08 - 2012-08-31 19:17 - 000141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-08-03 14:08 - 2012-08-31 19:17 - 000124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-08-03 14:08 - 2012-08-31 19:17 - 000075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-08-03 14:08 - 2012-03-08 11:47 - 000108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-08-03 14:08 - 2012-01-10 10:20 - 000065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-08-03 14:08 - 2011-12-20 15:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-08-03 14:08 - 2011-09-02 14:21 - 000221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-08-03 14:08 - 2011-09-02 14:21 - 000081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-08-03 14:08 - 2011-09-02 14:21 - 000078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-08-03 14:08 - 2011-08-23 17:00 - 000603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 001756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 001568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 001486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-08-03 14:08 - 2011-03-17 12:17 - 001361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-08-03 14:08 - 2011-03-07 17:11 - 000148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-08-03 14:08 - 2010-09-27 09:34 - 000318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2017-08-03 14:08 - 2010-07-22 16:48 - 000074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-08-03 14:08 - 2009-11-24 09:55 - 000518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-08-03 14:08 - 2009-11-24 09:55 - 000211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-08-03 14:08 - 2009-11-24 09:55 - 000198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-08-03 14:08 - 2009-11-24 09:55 - 000155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-08-03 14:04 - 2017-08-03 14:04 - 000000000 ____D C:\Users\Chris\AppData\Roaming\ASUS
2017-08-03 13:14 - 2017-08-03 13:14 - 000000000 ____D C:\Program Files\Common Files\Nikon
2017-08-03 13:14 - 2017-08-03 13:14 - 000000000 ____D C:\Program Files (x86)\Nikon
2017-08-03 13:13 - 2017-08-06 06:16 - 000000000 ____D C:\Program Files\Nikon
2017-08-03 13:13 - 2017-08-03 13:13 - 000002163 _____ C:\Users\Public\Desktop\Capture NX-D.lnk
2017-08-03 13:13 - 2017-08-03 13:13 - 000000000 ____D C:\WINDOWS\Downloaded Installations
2017-08-03 13:13 - 2017-08-03 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capture NX-D
2017-08-03 13:08 - 2017-08-03 13:08 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-08-03 13:03 - 2017-08-03 14:02 - 000000000 ____D C:\Nikon Coolpix S6800
2017-08-03 08:37 - 2017-08-03 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-08-03 08:37 - 2017-08-03 08:37 - 000000000 ____D C:\Program Files\7-Zip
2017-08-03 07:46 - 2017-08-03 13:14 - 000000000 ____D C:\Users\Chris\AppData\Local\Downloaded Installations
2017-08-03 07:32 - 2017-08-03 07:32 - 000000000 ____D C:\Users\Chris\AppData\Roaming\FireShot
2017-08-02 22:52 - 2017-08-14 08:38 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-02 22:51 - 2017-08-14 08:38 - 000000000 ____D C:\Users\Chris\Desktop\mbar
2017-08-02 21:58 - 2017-08-02 23:25 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Chris\Desktop\rkill.exe
2017-08-02 21:57 - 2017-08-02 21:57 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Chris\Desktop\mbar-1.09.3.1001.exe
2017-08-02 21:56 - 2017-08-02 21:56 - 000892416 _____ (Farbar) C:\Users\Chris\Desktop\MiniToolBox.exe
2017-08-02 21:55 - 2017-08-02 21:55 - 000852798 _____ C:\Users\Chris\Desktop\SecurityCheck.exe
2017-08-02 18:46 - 2017-07-06 22:31 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-08-02 18:46 - 2017-07-06 22:00 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-02 18:46 - 2017-07-06 21:59 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-08-02 18:46 - 2017-07-06 21:58 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-08-02 18:46 - 2017-07-06 21:58 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-08-02 18:46 - 2017-06-19 21:15 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-08-02 18:46 - 2017-06-19 21:08 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-02 18:46 - 2017-06-19 21:04 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-08-02 18:46 - 2017-06-19 21:02 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-08-02 18:46 - 2017-06-19 21:00 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-02 18:46 - 2017-06-19 20:39 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-08-02 18:46 - 2017-06-19 20:35 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-08-02 18:46 - 2017-06-19 20:35 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-02 18:46 - 2017-06-19 20:34 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-02 18:46 - 2017-06-19 20:34 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-08-02 18:45 - 2017-07-07 06:00 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-08-02 18:45 - 2017-07-06 23:26 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-08-02 18:45 - 2017-07-06 23:25 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-08-02 18:45 - 2017-07-06 23:24 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-08-02 18:45 - 2017-07-06 23:22 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-08-02 18:45 - 2017-07-06 23:21 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-08-02 18:45 - 2017-07-06 23:20 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-08-02 18:45 - 2017-07-06 23:20 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-08-02 18:45 - 2017-07-06 23:14 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-08-02 18:45 - 2017-07-06 23:13 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-08-02 18:45 - 2017-07-06 23:11 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-08-02 18:45 - 2017-07-06 23:10 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-08-02 18:45 - 2017-07-06 23:10 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-08-02 18:45 - 2017-07-06 23:09 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-08-02 18:45 - 2017-07-06 23:07 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-02 18:45 - 2017-07-06 23:07 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-02 18:45 - 2017-07-06 22:57 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-08-02 18:45 - 2017-07-06 22:57 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-08-02 18:45 - 2017-07-06 22:37 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-08-02 18:45 - 2017-07-06 22:37 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-08-02 18:45 - 2017-07-06 22:31 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-08-02 18:45 - 2017-07-06 22:30 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-08-02 18:45 - 2017-07-06 22:29 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-08-02 18:45 - 2017-07-06 22:27 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-08-02 18:45 - 2017-07-06 22:27 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-08-02 18:45 - 2017-07-06 22:26 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-08-02 18:45 - 2017-07-06 22:25 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-08-02 18:45 - 2017-07-06 22:22 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-08-02 18:45 - 2017-07-06 22:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-08-02 18:45 - 2017-07-06 22:19 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-08-02 18:45 - 2017-07-06 22:18 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-08-02 18:45 - 2017-07-06 22:18 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-08-02 18:45 - 2017-07-06 22:18 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-08-02 18:45 - 2017-07-06 22:17 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-08-02 18:45 - 2017-07-06 22:17 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-02 18:45 - 2017-07-06 22:16 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-08-02 18:45 - 2017-07-06 22:15 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-08-02 18:45 - 2017-07-06 22:14 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-02 18:45 - 2017-07-06 22:14 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-08-02 18:45 - 2017-07-06 22:14 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-08-02 18:45 - 2017-07-06 22:14 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-08-02 18:45 - 2017-07-06 22:13 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-08-02 18:45 - 2017-07-06 22:12 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-08-02 18:45 - 2017-07-06 22:12 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-08-02 18:45 - 2017-07-06 22:12 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-08-02 18:45 - 2017-07-06 22:11 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-08-02 18:45 - 2017-07-06 22:11 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-08-02 18:45 - 2017-07-06 22:11 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-02 18:45 - 2017-07-06 22:10 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-08-02 18:45 - 2017-07-06 22:09 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-08-02 18:45 - 2017-07-06 22:08 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-08-02 18:45 - 2017-07-06 22:07 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-08-02 18:45 - 2017-07-06 22:07 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-08-02 18:45 - 2017-07-06 22:06 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-08-02 18:45 - 2017-07-06 22:06 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-08-02 18:45 - 2017-07-06 22:06 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-08-02 18:45 - 2017-07-06 22:05 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-08-02 18:45 - 2017-07-06 22:05 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-08-02 18:45 - 2017-07-06 22:04 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-08-02 18:45 - 2017-07-06 22:04 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-08-02 18:45 - 2017-07-06 22:04 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-08-02 18:45 - 2017-07-06 22:03 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-08-02 18:45 - 2017-07-06 22:02 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-08-02 18:45 - 2017-07-06 22:01 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-02 18:45 - 2017-07-06 22:00 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-08-02 18:45 - 2017-07-06 22:00 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-02 18:45 - 2017-07-06 21:59 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-08-02 18:45 - 2017-07-06 21:58 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-08-02 18:45 - 2017-07-06 21:55 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-08-02 18:45 - 2017-07-06 21:55 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-08-02 18:45 - 2017-07-06 21:53 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-08-02 18:45 - 2017-07-06 21:53 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-08-02 18:45 - 2017-07-01 14:52 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-08-02 18:45 - 2017-06-19 22:17 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-08-02 18:45 - 2017-06-19 22:16 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-08-02 18:45 - 2017-06-19 22:15 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-08-02 18:45 - 2017-06-19 22:11 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-08-02 18:45 - 2017-06-19 22:11 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-08-02 18:45 - 2017-06-19 22:10 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-02 18:45 - 2017-06-19 22:08 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-02 18:45 - 2017-06-19 22:05 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-08-02 18:45 - 2017-06-19 22:04 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-02 18:45 - 2017-06-19 22:03 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-08-02 18:45 - 2017-06-19 22:02 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-08-02 18:45 - 2017-06-19 22:00 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-08-02 18:45 - 2017-06-19 21:59 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-08-02 18:45 - 2017-06-19 21:59 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-08-02 18:45 - 2017-06-19 21:58 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-08-02 18:45 - 2017-06-19 21:34 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-08-02 18:45 - 2017-06-19 21:15 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-02 18:45 - 2017-06-19 21:14 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-08-02 18:45 - 2017-06-19 21:13 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-08-02 18:45 - 2017-06-19 21:13 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-08-02 18:45 - 2017-06-19 21:12 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-08-02 18:45 - 2017-06-19 21:12 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-08-02 18:45 - 2017-06-19 21:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-08-02 18:45 - 2017-06-19 21:11 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-08-02 18:45 - 2017-06-19 21:10 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-08-02 18:45 - 2017-06-19 21:10 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-08-02 18:45 - 2017-06-19 21:10 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-08-02 18:45 - 2017-06-19 21:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-08-02 18:45 - 2017-06-19 21:09 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-08-02 18:45 - 2017-06-19 21:09 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-08-02 18:45 - 2017-06-19 21:09 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-08-02 18:45 - 2017-06-19 21:09 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-08-02 18:45 - 2017-06-19 21:09 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-08-02 18:45 - 2017-06-19 21:08 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-08-02 18:45 - 2017-06-19 21:08 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-08-02 18:45 - 2017-06-19 21:08 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-08-02 18:45 - 2017-06-19 21:08 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-08-02 18:45 - 2017-06-19 21:08 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-08-02 18:45 - 2017-06-19 21:06 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-08-02 18:45 - 2017-06-19 21:06 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-08-02 18:45 - 2017-06-19 21:06 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-08-02 18:45 - 2017-06-19 21:05 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-08-02 18:45 - 2017-06-19 21:05 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-08-02 18:45 - 2017-06-19 21:04 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-08-02 18:45 - 2017-06-19 21:04 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-08-02 18:45 - 2017-06-19 21:03 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-08-02 18:45 - 2017-06-19 21:03 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-08-02 18:45 - 2017-06-19 21:02 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-08-02 18:45 - 2017-06-19 21:01 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-02 18:45 - 2017-06-19 21:00 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-08-02 18:45 - 2017-06-19 20:59 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-08-02 18:45 - 2017-06-19 20:56 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-08-02 18:45 - 2017-06-19 20:49 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-08-02 18:45 - 2017-06-19 20:49 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-08-02 18:45 - 2017-06-19 20:46 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-08-02 18:45 - 2017-06-19 20:45 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-08-02 18:45 - 2017-06-19 20:45 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-08-02 18:45 - 2017-06-19 20:42 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-08-02 18:45 - 2017-06-19 20:42 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-08-02 18:45 - 2017-06-19 20:42 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-08-02 18:45 - 2017-06-19 20:42 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-08-02 18:45 - 2017-06-19 20:42 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-08-02 18:45 - 2017-06-19 20:41 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-08-02 18:45 - 2017-06-19 20:41 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-08-02 18:45 - 2017-06-19 20:41 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-08-02 18:45 - 2017-06-19 20:41 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-08-02 18:45 - 2017-06-19 20:41 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-08-02 18:45 - 2017-06-19 20:40 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-08-02 18:45 - 2017-06-19 20:40 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-08-02 18:45 - 2017-06-19 20:40 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-08-02 18:45 - 2017-06-19 20:40 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-02 18:45 - 2017-06-19 20:39 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-08-02 18:45 - 2017-06-19 20:39 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-08-02 18:45 - 2017-06-19 20:39 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-08-02 18:45 - 2017-06-19 20:39 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-02 18:45 - 2017-06-19 20:38 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-08-02 18:45 - 2017-06-19 20:38 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-08-02 18:45 - 2017-06-19 20:38 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-08-02 18:45 - 2017-06-19 20:38 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-08-02 18:45 - 2017-06-19 20:38 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-08-02 18:45 - 2017-06-19 20:37 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-08-02 18:45 - 2017-06-19 20:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-08-02 18:45 - 2017-06-19 20:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-08-02 18:45 - 2017-06-19 20:30 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-08-02 18:45 - 2017-06-19 20:30 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-08-02 18:45 - 2017-06-19 20:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-08-02 18:45 - 2017-06-19 20:28 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-08-02 18:44 - 2017-07-06 23:27 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-02 18:44 - 2017-07-06 23:27 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-02 18:44 - 2017-07-06 23:27 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-02 18:44 - 2017-07-06 23:27 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-08-02 18:44 - 2017-07-06 23:27 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-08-02 18:44 - 2017-07-06 23:17 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-08-02 18:44 - 2017-07-06 23:14 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-08-02 18:44 - 2017-07-06 23:13 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-08-02 18:44 - 2017-07-06 23:12 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-02 18:44 - 2017-07-06 23:10 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-08-02 18:44 - 2017-07-06 22:27 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-08-02 18:44 - 2017-07-06 22:27 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-08-02 18:44 - 2017-07-06 22:27 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-08-02 18:44 - 2017-07-06 22:27 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-08-02 18:44 - 2017-07-06 22:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-08-02 18:44 - 2017-07-06 22:22 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-02 18:44 - 2017-07-06 22:21 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-08-02 18:44 - 2017-07-06 22:19 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-08-02 18:44 - 2017-07-06 22:19 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-08-02 18:44 - 2017-07-06 22:18 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-08-02 18:44 - 2017-07-06 22:13 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-08-02 18:44 - 2017-07-06 22:12 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-02 18:44 - 2017-07-06 22:12 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-08-02 18:44 - 2017-07-06 22:12 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-08-02 18:44 - 2017-07-06 22:11 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-08-02 18:44 - 2017-07-06 22:11 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-08-02 18:44 - 2017-07-06 22:11 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-08-02 18:44 - 2017-07-06 22:07 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-08-02 18:44 - 2017-07-06 22:07 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-08-02 18:44 - 2017-07-06 22:05 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-08-02 18:44 - 2017-07-06 22:04 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-08-02 18:44 - 2017-07-06 22:04 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-08-02 18:44 - 2017-06-19 22:18 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-08-02 18:44 - 2017-06-19 22:18 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-08-02 18:44 - 2017-06-19 22:17 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-08-02 18:44 - 2017-06-19 22:17 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-08-02 18:44 - 2017-06-19 22:17 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-08-02 18:44 - 2017-06-19 22:17 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-08-02 18:44 - 2017-06-19 22:16 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-08-02 18:44 - 2017-06-19 22:03 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-08-02 18:44 - 2017-06-19 22:02 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-08-02 18:44 - 2017-06-19 22:00 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-08-02 18:44 - 2017-06-19 22:00 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-08-02 18:44 - 2017-06-19 21:59 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-08-02 18:44 - 2017-06-19 21:58 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-08-02 18:44 - 2017-06-19 21:58 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-08-02 18:44 - 2017-06-19 21:16 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-08-02 18:44 - 2017-06-19 21:16 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-08-02 18:44 - 2017-06-19 21:14 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-08-02 18:44 - 2017-06-19 21:13 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-08-02 18:44 - 2017-06-19 21:13 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-08-02 18:44 - 2017-06-19 21:13 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-08-02 18:44 - 2017-06-19 21:12 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-08-02 18:44 - 2017-06-19 21:09 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-08-02 18:44 - 2017-06-19 21:09 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-08-02 18:44 - 2017-06-19 21:09 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-08-02 18:44 - 2017-06-19 21:09 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-08-02 18:44 - 2017-06-19 21:09 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-08-02 18:44 - 2017-06-19 21:08 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-08-02 18:44 - 2017-06-19 21:07 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-08-02 18:44 - 2017-06-19 21:07 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-08-02 18:44 - 2017-06-19 21:07 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-08-02 18:44 - 2017-06-19 21:07 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-08-02 18:44 - 2017-06-19 21:06 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-08-02 18:44 - 2017-06-19 21:06 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-08-02 18:44 - 2017-06-19 21:06 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-08-02 18:44 - 2017-06-19 21:06 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-08-02 18:44 - 2017-06-19 21:06 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-02 18:44 - 2017-06-19 21:05 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-08-02 18:44 - 2017-06-19 21:05 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-08-02 18:44 - 2017-06-19 21:05 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-08-02 18:44 - 2017-06-19 21:05 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-08-02 18:44 - 2017-06-19 21:05 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-08-02 18:44 - 2017-06-19 21:04 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-08-02 18:44 - 2017-06-19 21:04 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-08-02 18:44 - 2017-06-19 21:02 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-08-02 18:44 - 2017-06-19 21:02 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-08-02 18:44 - 2017-06-19 21:01 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-08-02 18:44 - 2017-06-19 21:01 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-08-02 18:44 - 2017-06-19 21:01 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-08-02 18:44 - 2017-06-19 21:01 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-08-02 18:44 - 2017-06-19 21:00 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-02 18:44 - 2017-06-19 20:57 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-08-02 18:44 - 2017-06-19 20:57 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-08-02 18:44 - 2017-06-19 20:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-08-02 18:02 - 2017-08-11 09:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-02 17:02 - 2017-08-02 21:56 - 000899584 _____ (Farbar) C:\Users\Chris\Desktop\FSS.exe
2017-08-02 12:56 - 2017-08-15 09:57 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-02 12:29 - 2017-08-04 12:30 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-08-01 09:01 - 2017-08-01 09:01 - 000565416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-01 07:44 - 2017-08-01 07:44 - 000000000 ____D C:\Users\Chris\AppData\Local\Publishers
2017-08-01 07:23 - 2017-08-01 07:23 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-TT96U0C-Windows-10-Home-(64-bit).dat
2017-08-01 07:23 - 2017-08-01 07:23 - 000000000 ____D C:\RegBackup
2017-08-01 06:12 - 2017-08-15 17:00 - 000002239 _____ C:\Users\Chris\Desktop\Tweaking.com - Windows Repair.lnk
2017-08-01 06:11 - 2017-08-01 06:11 - 000000574 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2017-08-01 06:11 - 2017-08-01 06:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-08-01 06:11 - 2017-08-01 06:11 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-07-31 20:35 - 2017-08-13 05:54 - 000001591 _____ C:\Users\Chris\Desktop\Install Kaspersky Anti-Virus version 17.0.0.611.lnk
2017-07-31 20:29 - 2017-07-31 20:29 - 000000000 ____D C:\Program Files (x86)\Panda Security
2017-07-31 20:28 - 2017-07-31 20:29 - 000000000 ____D C:\ProgramData\Panda Security
2017-07-31 20:26 - 2017-08-13 12:53 - 000001249 _____ C:\Users\Chris\Desktop\IM-Magic Partition Resizer Free.lnk
2017-07-31 20:26 - 2017-07-31 20:26 - 000000000 ____D C:\Program Files\IM-Magic
2017-07-31 20:21 - 2017-07-31 20:21 - 000000000 ____D C:\Users\Chris\AppData\Local\Zemana
2017-07-31 09:45 - 2017-08-15 09:58 - 000000000 ____D C:\AdwCleaner
2017-07-31 09:45 - 2017-07-31 09:45 - 000000000 ____D C:\Users\Chris\AppData\Roaming\AVAST Software
2017-07-31 09:43 - 2017-08-02 12:29 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150170579535903
2017-07-31 09:42 - 2017-07-31 09:44 - 000126352 _____ C:\TDSSKiller.3.1.0.15_31.07.2017_09.42.40_log.txt
2017-07-31 09:40 - 2017-08-04 15:07 - 000000000 ____D C:\ProgramData\AVAST Software
2017-07-30 21:08 - 2017-07-30 21:08 - 000000000 ____D C:\Users\Chris\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
2017-07-29 18:32 - 2017-08-15 17:00 - 000001953 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-07-29 18:32 - 2017-07-29 18:32 - 000000000 ____D C:\Program Files\Defraggler
2017-07-29 06:02 - 2017-07-31 20:33 - 000000000 ____D C:\Users\TEMP.DESKTOP-TT96U0C.003
2017-07-29 06:02 - 2017-07-29 06:02 - 000000020 ___SH C:\Users\TEMP.DESKTOP-TT96U0C.003\ntuser.ini
2017-07-28 16:58 - 2017-07-31 20:33 - 000000000 ____D C:\Users\TEMP.DESKTOP-TT96U0C.002
2017-07-28 16:58 - 2017-07-28 16:58 - 000000020 ___SH C:\Users\TEMP.DESKTOP-TT96U0C.002\ntuser.ini
2017-07-28 15:55 - 2017-07-28 15:56 - 000126352 _____ C:\TDSSKiller.3.1.0.15_28.07.2017_15.55.30_log.txt
2017-07-27 10:39 - 2017-07-27 10:40 - 295249968 _____ (Acronis) C:\Users\Chris\Downloads\atih_installer_hd_4061_en-US.exe
2017-07-27 10:38 - 2017-07-27 10:39 - 000000900 _____ C:\Users\Chris\Desktop\Allway_Sync.lnk
2017-07-27 10:17 - 2017-07-27 10:17 - 000001150 _____ C:\Users\Chris\Desktop\Brain Workshop.lnk
2017-07-27 10:17 - 2017-07-27 10:17 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Brain Workshop
2017-07-27 10:17 - 2017-07-27 10:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brain Workshop
2017-07-27 10:17 - 2017-07-27 10:17 - 000000000 ____D C:\Program Files (x86)\Brain Workshop
2017-07-27 09:54 - 2017-07-31 20:33 - 000000000 ____D C:\Users\TEMP.DESKTOP-TT96U0C.001
2017-07-27 09:54 - 2017-07-27 09:54 - 000000020 ___SH C:\Users\TEMP.DESKTOP-TT96U0C.001\ntuser.ini
2017-07-27 09:51 - 2017-07-27 09:51 - 000024576 _____ C:\WINDOWS\system32\UserMgrLog.etl
2017-07-27 09:51 - 2017-07-27 09:51 - 000006144 _____ C:\WINDOWS\system32\umstartup.etl
2017-07-27 09:46 - 2017-08-01 06:31 - 000000000 ____D C:\Users\TEMP.DESKTOP-TT96U0C.000
2017-07-27 09:14 - 2017-07-31 20:33 - 000000000 ____D C:\Users\TEMP.DESKTOP-TT96U0C
2017-07-27 09:14 - 2017-07-27 09:14 - 000000020 ___SH C:\Users\TEMP.DESKTOP-TT96U0C\ntuser.ini
2017-07-27 09:12 - 2017-07-27 09:12 - 000006064 _____ C:\TDSSKiller.3.1.0.15_27.07.2017_09.12.32_log.txt
2017-07-27 09:11 - 2017-07-27 09:11 - 000000562 _____ C:\TDSSKiller.3.1.0.15_27.07.2017_09.11.05_log.txt
2017-07-27 09:09 - 2017-07-27 09:09 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-07-27 09:06 - 2017-07-27 09:10 - 000406738 _____ C:\TDSSKiller.3.1.0.15_27.07.2017_09.06.20_log.txt
2017-07-27 08:57 - 2017-07-27 08:58 - 000026604 _____ C:\TDSSKiller.3.1.0.15_27.07.2017_08.57.46_log.txt
2017-07-27 07:52 - 2017-07-27 07:52 - 000000000 ____D C:\Users\Chris\AppData\Local\Macromedia
2017-07-27 07:47 - 2017-08-03 09:13 - 000000000 ____D C:\Users\Chris\AppData\Local\Adobe
2017-07-27 05:11 - 2017-07-27 05:11 - 000000000 ____D C:\Users\TEMP\Documents\AEGIS II
2017-07-27 05:11 - 2017-07-27 05:11 - 000000000 ____D C:\Users\TEMP\AppData\Local\ASUS
2017-07-27 05:09 - 2017-07-31 20:33 - 000000000 ____D C:\Users\TEMP
2017-07-27 05:09 - 2017-07-27 05:09 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2017-07-26 13:13 - 2017-08-09 10:32 - 000000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-07-26 13:13 - 2017-08-09 10:32 - 000000726 _____ C:\Users\Chris\Desktop\Windows 10 Update Assistant.lnk
2017-07-26 10:50 - 2017-07-26 10:50 - 000057724 _____ C:\Users\Chris\Documents\cc_20170726_105000.reg
2017-07-26 10:18 - 2017-08-13 11:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-26 10:17 - 2017-08-13 11:18 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-26 09:31 - 2017-07-26 09:55 - 000000000 ____D C:\Users\Chris\AppData\Roaming\ImgBurn
2017-07-26 09:20 - 2017-08-08 19:47 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-07-26 09:18 - 2017-07-26 09:18 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Logitech
2017-07-26 09:16 - 2017-07-26 09:23 - 000000000 ____D C:\Program Files\Logitech
2017-07-26 09:16 - 2017-07-26 09:18 - 000000000 ____D C:\Users\Chris\AppData\Roaming\LogiShrd
2017-07-26 09:16 - 2017-07-26 09:16 - 000000000 ____D C:\Users\Chris\AppData\Local\CEF
2017-07-26 09:15 - 2017-07-26 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-07-26 09:15 - 2017-07-26 09:19 - 000000000 ____D C:\ProgramData\LogiShrd
2017-07-26 09:14 - 2017-08-14 09:52 - 000001941 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2017-07-26 09:14 - 2017-08-07 11:46 - 000001953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-07-26 09:14 - 2017-07-26 09:20 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
2017-07-26 09:14 - 2017-07-26 09:14 - 000000000 ____D C:\Program Files (x86)\ImgBurn
2017-07-26 06:35 - 2017-07-26 06:35 - 000478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\402E7A16.sys
2017-07-26 06:35 - 2017-07-26 06:35 - 000000000 ____D C:\KVRT_Data
2017-07-26 05:45 - 2017-07-26 05:45 - 000000544 _____ C:\WINDOWS\system32\.crusader
2017-07-26 04:43 - 2017-08-11 10:26 - 000000000 ____D C:\ESD
2017-07-26 02:30 - 2017-08-11 10:44 - 000000000 _____ C:\Recovery.txt
2017-07-25 19:15 - 2017-08-01 04:48 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-07-25 19:15 - 2017-07-26 10:02 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-07-25 19:15 - 2017-07-25 19:15 - 000000000 ____D C:\Program Files\McAfee.com
2017-07-25 19:15 - 2017-07-25 19:15 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-25 16:56 - 2017-07-25 16:56 - 000000000 ____D C:\Users\Chris\Computer
2017-07-25 16:55 - 2017-08-05 12:14 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-07-25 16:55 - 2017-08-05 12:14 - 000001969 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-07-25 16:55 - 2017-07-25 16:55 - 000000000 ____D C:\Users\Chris\AppData\Local\DBG
2017-07-25 16:55 - 2017-07-25 16:55 - 000000000 ____D C:\Program Files\HitmanPro
2017-07-25 16:54 - 2017-07-26 05:45 - 000000000 ____D C:\ProgramData\HitmanPro
2017-07-25 16:22 - 2017-07-31 20:34 - 000000000 ____D C:\Program Files (x86)\ClamWin
2017-07-25 14:14 - 2017-08-11 10:38 - 000000000 ____D C:\$Windows.~BT
2017-07-25 13:53 - 2017-07-25 13:53 - 000000000 ____D C:\Users\Chris\AppData\Local\VirtualStore

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 11:30 - 2017-01-31 16:50 - 000000000 ____D C:\Users\Chris\AppData\LocalLow\Mozilla
2017-08-16 11:19 - 2017-07-13 10:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-16 11:11 - 2017-07-13 12:19 - 000001051 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-16 05:26 - 2017-07-13 12:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-16 05:21 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-16 05:19 - 2016-06-01 05:39 - 000338824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-16 05:15 - 2017-07-13 10:35 - 000217864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-16 05:11 - 2017-07-13 11:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-15 17:35 - 2017-07-13 10:10 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2017-08-15 17:06 - 2016-09-29 21:07 - 000349910 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-08-15 15:46 - 2017-07-13 12:29 - 000001025 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-08-15 09:57 - 2017-07-13 10:23 - 000000000 ____D C:\WINDOWS\INF
2017-08-14 16:22 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_118
2017-08-13 21:29 - 2017-07-13 12:25 - 000000000 ____D C:\Users\Chris\AppData\Local\ElevatedDiagnostics
2017-08-13 20:49 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_422
2017-08-13 12:55 - 2017-07-13 12:43 - 000001223 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-13 11:22 - 2017-07-13 10:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-13 11:22 - 2017-07-13 10:15 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-13 10:45 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_294
2017-08-13 06:33 - 2017-07-13 12:58 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-08-11 10:26 - 2017-07-13 10:09 - 000000000 ____D C:\WINDOWS\Panther
2017-08-11 09:53 - 2017-07-13 10:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-11 09:53 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-08-11 09:15 - 2016-09-29 21:26 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-08-11 09:15 - 2016-09-29 21:26 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-08-11 09:10 - 2016-09-29 21:09 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-11 09:09 - 2017-07-13 10:41 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-11 09:01 - 2017-07-13 13:51 - 000000000 ____D C:\ProgramData\APRP
2017-08-10 13:55 - 2017-02-02 12:40 - 000000000 ____D C:\Users\Chris\Desktop\Chris Files
2017-08-09 10:51 - 2017-07-13 10:57 - 000000000 ____D C:\Users\Chris
2017-08-09 10:32 - 2017-07-13 12:23 - 000000000 ____D C:\Windows10Upgrade
2017-08-07 12:24 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_987
2017-08-05 17:20 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_616
2017-08-05 10:01 - 2017-03-06 07:44 - 000000000 ____D C:\Computer
2017-08-04 16:31 - 2008-02-19 17:10 - 000081920 _____ (Soeperman Enterprises Ltd.) C:\Users\Chris\Desktop\BFU.exe
2017-08-03 14:09 - 2017-07-13 10:40 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-08-03 14:09 - 2017-07-13 10:40 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-08-03 14:09 - 2016-09-29 21:03 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-08-03 13:15 - 2016-06-01 05:41 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-03 11:48 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_658
2017-08-03 09:13 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-03 09:13 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-02 18:52 - 2017-07-13 11:10 - 000000000 ____D C:\Users\Chris\AppData\Local\packages
2017-08-01 12:32 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_846
2017-08-01 10:39 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_455
2017-08-01 07:38 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_496
2017-08-01 07:28 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_60
2017-07-31 20:34 - 2017-07-13 13:08 - 000000270 _____ C:\WINDOWS\Tasks\McAfeeLogon.job
2017-07-31 20:34 - 2017-07-13 10:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-07-31 20:34 - 2017-07-13 10:10 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-31 20:34 - 2016-06-01 05:51 - 000000000 ____D C:\ProgramData\McAfee
2017-07-31 07:15 - 2017-07-13 10:26 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 07:15 - 2017-07-13 10:26 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-26 17:34 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-26 17:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-07-26 17:32 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\Provisioning
2017-07-26 10:03 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\appcompat
2017-07-25 19:17 - 2016-06-01 05:51 - 000000000 ____D C:\Program Files\mcafee
2017-07-25 19:17 - 2015-10-29 23:24 - 000000124 _____ C:\WINDOWS\win.ini
2017-07-25 19:13 - 2017-07-13 13:07 - 000000000 _____ C:\Users\Chris\AppData\Roaming\MCVi2UserDetail.ini

==================== Files in the root of some directories =======

2017-08-11 13:59 - 2017-08-11 13:59 - 000000706 _____ () C:\Program Files (x86)\LMIR0002.tmp.bat
2017-08-11 13:59 - 2017-08-11 13:59 - 000000514 _____ () C:\Program Files (x86)\LMIR0002.tmp_r.bat
2017-07-13 13:07 - 2017-07-25 19:13 - 000000000 _____ () C:\Users\Chris\AppData\Roaming\MCVi2UserDetail.ini
2017-08-06 06:12 - 2017-07-11 12:36 - 004784320 _____ (COMODO) C:\ProgramData\cis681E.exe
2017-08-06 06:12 - 2017-07-11 12:41 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-07-13 10:40 - 2017-07-13 10:40 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\ProgramData\cis681E.exe
C:\ProgramData\cmdres.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-13 21:28

==================== End of FRST.txt ============================
 
FRST Addition:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by Chris (16-08-2017 11:49:37)
Running from C:\Users\Chris\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-13 19:07:26)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-152517617-1602392019-748697119-500 - Administrator - Disabled)
Chris (S-1-5-21-152517617-1602392019-748697119-1001 - Administrator - Enabled) => C:\Users\Chris
DefaultAccount (S-1-5-21-152517617-1602392019-748697119-503 - Limited - Disabled)
Guest (S-1-5-21-152517617-1602392019-748697119-501 - Limited - Disabled)
Test (S-1-5-21-152517617-1602392019-748697119-1006 - Administrator - Enabled) => C:\Users\Test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AEGIS II - Boost Launcher (HKLM-x32\...\{4829AFF2-F50E-44F6-8BC5-C985F2C24CE1}) (Version: 3.00.06 - ASUSTeK Computer Inc.)
AEGIS II - GameALive (HKLM-x32\...\{9A689EB4-C4FA-49C1-80A5-EC49A7F43046}) (Version: 3.00.21 - ASUSTeK Computer Inc.)
AEGIS II - Lighting (HKLM-x32\...\{E7691292-4F73-4EC6-A3F8-126BFDC987F5}) (Version: 3.00.19 - ASUSTeK Computer Inc.)
AEGIS II - System Usage (HKLM-x32\...\{E8D6582C-D43C-452A-9F75-1D8C6BC0AA12}) (Version: 3.00.06 - ASUSTeK Computer Inc.)
AEGIS II - Threshold Setting (HKLM-x32\...\{6C5979A6-97A8-4D0C-8A3F-4F49D2A13055}) (Version: 3.00.07 - ASUSTeK Computer Inc.)
AEGIS II (HKLM-x32\...\{A9FDB6CC-F2D6-4903-87BC-1537931F11B0}) (Version: 2.01.04 - ASUSTeK Computer Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.26.1 - Asmedia Technology)
ASUS App Box (HKLM-x32\...\{F0CE6060-50B1-401E-8357-B6E24DB98D21}) (Version: 1.01.09 - ASUSTeK Computer Inc.)
ASUS Command - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.17 - ASUSTeK Computer Inc.)
ASUS Command - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.01.13 - ASUSTeK Computer Inc.)
ASUS Command - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.17 - ASUSTeK Computer Inc.)
ASUS Command - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.18 - ASUSTeK Computer Inc.)
ASUS Command - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.09 - ASUSTeK Computer Inc.)
ASUS Command - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Command (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.11.01 - ASUSTeK Computer Inc.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Brain Workshop 4.8.4 (HKLM-x32\...\Brain Workshop_is1) (Version: 4.8.4 - Paul Hoskinson & Jonathan Toomim)
Capture NX-D (HKLM\...\{2D088846-B670-47AF-91C3-76E0B3E887C3}) (Version: 1.4.5 - Nikon Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.1 - ASUSTek Computer Inc.)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Exact Audio Copy 1.3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IM-Magic Partition Resizer Free 2017 (HKLM-x32\...\IM_Magic_PR) (Version: 2017 - IM-Magic Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.879.110515 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0282 - REALTEK Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.1 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-10-21] (NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B628FA1-549D-4AB8-9BD8-F978449E7B8B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {0CAAD5B0-D99B-45EB-87E4-73549342B363} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.)
Task: {10560CE2-E384-4320-97E8-19B31B4DBB1C} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {16CC14BF-CC6F-48C0-99F5-21374547D563} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {191706EB-30DC-4CAF-9893-F99418BBC7E7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-25] (ASUSTek Computer Inc.)
Task: {2B92089D-CED5-4F82-AFED-E256DD0520B5} - System32\Tasks\ASUS\ASUS OCULUS WIZARD HELPER => C:\PROGRAM FILES (X86)\ASUS\ASUS OCULUS WIZARD\ASOCULUSCHECK.EXE [2016-03-01] (ASUSTeK COMPUTER INC.)
Task: {3460E8CD-20E9-43A4-A7C6-CCD63FA30440} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {44246604-2AB2-4C62-A479-F4378B68C683} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2015-11-30] ()
Task: {54BE101E-6C08-4D15-9F42-581CE7CF6E61} - System32\Tasks\ASUS\AEGIS_II Lighting CD_Rom Execute => C:\Program Files (x86)\ASUS\AEGIS II\Lighting\CheckCD_RomLighting.exe [2015-09-24] ()
Task: {6B08E212-2D20-4F63-9D62-D12877E02A82} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2014-03-19] (ASUSTeK Computer Inc.)
Task: {6CAB5548-69C1-4334-8A23-803A1234FE6F} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2016-07-15] ()
Task: {743D16EB-F3A0-4AC3-BE93-1D9FC1705DA6} - System32\Tasks\ASUS\AEGIS II Matrix => C:\Program Files (x86)\ASUS\AEGIS II\LaunchAtStartupHelper.exe [2015-03-13] ()
Task: {7D2DD800-8017-440A-A0C0-B2B100A2921B} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2016-07-15] ()
Task: {886FF21B-CC5A-4C8D-A0D0-9DDC74846B56} - System32\Tasks\ASUS\AEGIS_II Lighting AudioDetect Execute => C:\Program Files (x86)\ASUS\AEGIS II\Lighting\AudioDetect.exe [2015-08-11] ()
Task: {8B9AF170-7ECC-4CAC-9C5A-CB24A9BBE8FF} - System32\Tasks\ASUS\AEGIS II SysInfo Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_SysMode.exe [2015-04-22] (ASUSTeK Computer Inc.)
Task: {9CEE68ED-04C8-4A8B-BA29-6CD6A66B4893} - System32\Tasks\ASUS\AEGIS II - Boost Launcher => C:\Program Files (x86)\ASUS\AEGIS II\Boost Launcher\BLMonitor.exe [2015-04-20] ()
Task: {A55F1505-34B4-4F2C-BE01-4DD24CA7DEFC} - System32\Tasks\ASUS\AEGIS II Alert Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AlertService.exe [2015-02-12] (ASUSTeK Computer Inc.)
Task: {BA7CA5FE-D2D8-4E7F-9BF9-0232A5F9B4A0} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2015-02-02] ()
Task: {C4FF6099-B11B-44C3-AA26-505D6EB896BF} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {D8D6D13E-77BE-4CD6-847D-4702B46FBCA3} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {D9381437-6969-4980-A387-7577DF0B9E42} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {ECE215FD-6E46-40E1-A30E-7115D976CA28} - System32\Tasks\ASUS\AEGIS II System Level Up Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsSysLevelUpSrc.exe [2015-02-12] (ASUSTeK Computer Inc.)
Task: {F7D34C1C-01D9-4926-B6A9-00745D9FD45D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {F9FFEA1C-F81F-4201-8459-243C4178F9D8} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2015-07-07] (ASUSTeK)
Task: {FAD02530-D87F-4153-B436-147D74696532} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {FF3D5825-9974-4855-B0BA-D16E610357BE} - System32\Tasks\ASUS\AEGIS II Toast Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsToastHelper.exe [2015-02-12] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cis681E.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DriverMax Notification.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\McAfeeLogon.job => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-07-14 20:44 - 2010-07-14 20:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-09-29 21:16 - 2014-08-27 14:48 - 000907776 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll
2016-06-01 05:41 - 2015-04-20 17:06 - 000860160 _____ () C:\Windows\BoostLauncherMenu\x64\ContextMenuHandler.dll
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 12:59 - 2017-03-18 18:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\402E7A16.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21560227.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\402E7A16.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-29 23:24 - 2017-08-15 17:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-152517617-1602392019-748697119-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\Pictures\Wallpapers & Images\Large Photos & Wallpaper\Makena Cove_Maui, HI.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: USODiskOptimizer => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "StereoLinksInstall"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKU\S-1-5-21-152517617-1602392019-748697119-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-152517617-1602392019-748697119-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6C58AD39-6523-43CE-BC83-FC45743E9497}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7F93AC36-F4C0-40C7-A661-90DE1C235E18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B066A2A0-D80D-44D5-8940-701F4F39071B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D689FB5E-4CB8-428E-886B-929853229E93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{71539D78-CBB0-41B7-80FA-FF77B66B3E40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{49F82B16-E081-4952-B1A5-3006409BC5AE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{87D0D4EB-2201-4AD1-9F0D-A80E2C736282}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AA203F70-3DCC-4115-9D87-F29EB8838AA3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4A64472A-1823-4083-856E-B050325CE72D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19DF0BB3-5279-424A-AD7C-E4C18715CD7C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3586D135-8F0E-4530-BF1A-D42BAC1BEE03}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2017 05:35:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: DESKTOP-TT96U0C)
Description: Installing the performance counter strings for service BITS () failed. The first DWORD in the Data section contains the error code.

Error: (08/15/2017 05:23:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupStorageModificationEvent" whose target class "WSP_ReplicationGroupStorageModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (08/15/2017 05:23:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupStorageDepartureEvent" whose target class "WSP_ReplicationGroupStorageDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (08/15/2017 05:23:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupStorageArrivalEvent" whose target class "WSP_ReplicationGroupStorageArrivalEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (08/15/2017 05:23:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from WSP_ReplicationGroupStorageModificationEvent" whose target class "WSP_ReplicationGroupStorageModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (08/15/2017 05:23:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from WSP_ReplicationGroupStorageDepartureEvent" whose target class "WSP_ReplicationGroupStorageDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (08/15/2017 05:23:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from WSP_ReplicationGroupStorageArrivalEvent" whose target class "WSP_ReplicationGroupStorageArrivalEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (08/15/2017 05:23:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_health attempted to register query "select * from WSP_StorageHealthStatusChangeEvent" whose target class "WSP_StorageHealthStatusChangeEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (08/15/2017 05:23:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_health attempted to register query "select * from WSP_StorageFaultEvent" whose target class "WSP_StorageFaultEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (08/15/2017 05:23:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_health attempted to register query "select * from WSP_HealthActionEvent" whose target class "WSP_HealthActionEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.


System errors:
=============
Error: (08/16/2017 11:50:08 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/16/2017 11:50:02 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/16/2017 11:49:38 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/16/2017 11:49:38 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/16/2017 11:49:34 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/16/2017 11:49:34 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/16/2017 11:49:34 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/16/2017 11:48:13 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/16/2017 11:48:13 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/16/2017 11:48:13 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================
  Date: 2017-08-06 05:57:33.896
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:57:29.697
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:57:27.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:55:30.973
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:55:30.962
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:55:30.956
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:54:24.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 9%
Total physical RAM: 16313.24 MB
Available physical RAM: 14715.38 MB
Total Virtual: 18745.24 MB
Available Virtual: 17345.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:536.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 27B0BCE0)

Partition: GPT.

==================== End of Addition.txt ============================
 
*     *     *
 
Hopefully this meets the expected Posting Criteria...and I appreciate your help!
 
-- S.B.

Edited by Orange Blossom, 16 August 2017 - 03:37 PM.
Move to Log forum and merged topics. ~ OB


#3 nasdaq

  • Malware Response Team

Posted 20 August 2017 - 09:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I would like you to run the Farbar program in Normal Mode.
If possible, please run it and post Fresh FRST.txt and Addition.txt logs for my review.

p.s.
To create a new Addition.txt make sure the Box to create it is marked.

===

If not successful please run this tool in Safe mode and post the log for my review.

#4 SquidBoy02

  • Topic Starter


Posted 20 August 2017 - 09:56 AM

Hi, nasdaq...

I'm unable to enter Normal Mode after the MS Windows Home Update to Creator's Update v.1703 - Failed...hence the need for this forum's help.

As noted in your response, I'll run the Farbar program in Safe Mode and post Fresh FRST.txt and Addition.txt logs for your review...attached...this post.

*Also*...

#1 - Any attempt to analyze the Master Boot Record by using Avast - (aswmbr) - or GMER...crashes the system when run in Safe Mode.

#2 - There are two accounts, and the Test Account was created by a Level 2 Microsoft Service Tech using Remote Control of the System after the Update Failed and I contacted them.

*     *     *

Please see Log Files, below...

Thanks,

--S.B.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Chris (administrator) on DESKTOP-TT96U0C (20-08-2017 06:39:06)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris & Test)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Chris\Desktop\FRSTx64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-06-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2110584 2017-07-11] (Logitech, Inc.)
HKLM\...\RunOnce: [Unattend0000000001{BDBA2598-FFDF-44BB-ACA0-C485734F561D}] => %windir%\System32\OEM\EnableModelName.cmd
HKLM\...\RunOnce: [Unattend0000000002{E18EF1E3-7619-4564-B52F-D76AF73B4D1E}] => %windir%\System32\OEM\Setup1.cmd
HKLM\...\RunOnce: [Unattend0000000004{BEA27276-D940-42E3-AA15-62F8904CB600}] => %windir%\System32\OEM\Setup3.cmd
HKLM\...\RunOnce: [Unattend0000000006{BA003FA0-C81A-4D8D-A16D-457AC405A355}] => %windir%\Panther\CleanIcon_Tool.cmd
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKLM\...\RunOnce: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => C:\ProgramData\cis681E.exe [4784320 2017-07-11] (COMODO)
HKLM\...\RunOnce: [811_13479801549542] => C:\Program Files (x86)\LMIR0002.tmp_r.bat [514 2017-08-11] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-152517617-1602392019-748697119-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-152517617-1602392019-748697119-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].tx
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
Tcpip\..\Interfaces\{fa7e5147-c4e7-49f4-8d5a-3f4bd9c613b0}: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-152517617-1602392019-748697119-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-152517617-1602392019-748697119-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: dvvqihha.default
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default [2017-08-20]
FF Homepage: Mozilla\Firefox\Profiles\dvvqihha.default -> hxxps://www.google.com/
FF Extension: (Disable Ads) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default\Extensions\@com.virtualjame.disableads.xpi [2017-08-03]
FF Extension: (SafeSearch Incognito) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default\Extensions\@sduixcjksd.xpi [2017-07-28]
FF Extension: (Firefox Search Test) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default\Extensions\firefoxsearchtest@mozilla.com.xpi [2017-07-13]
FF Extension: (FireShot) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-08-02]
FF Extension: (WOT) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2017-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-07-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-08-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-08-03] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2017-08-19]
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-13]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-13]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-13]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-13]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-07-26]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-13]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-13]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-13]
CHR Extension: (Chrome Media Router) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-19] (ASUS Cloud Corporation) [File not signed]
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] ()
S2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-06-29] (Foxit Software Inc.)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-15] (NVIDIA Corporation)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-15] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 402E7A16; C:\WINDOWS\System32\drivers\402E7A16.sys [478392 2017-07-26] (Kaspersky Lab ZAO)
S3 AiChargerDT; C:\Windows\SysWow64\drivers\AiChargerDT.sys [14880 2012-10-18] (ASUSTek Computer Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R0 assdv2; C:\WINDOWS\System32\DRIVERS\assdv2.sys [30040 2015-09-07] (ASUS)
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-08-05] ()
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvak.inf_amd64_791beb67a268df58\nvlddmkm.sys [14145584 2016-11-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-15] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-08-15] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek )
S3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [607488 2016-02-25] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-20 06:15 - 2017-08-20 06:16 - 000029192 _____ C:\WINDOWS\ntbtlog.txt
2017-08-19 16:22 - 2017-08-19 16:22 - 000245816 _____ (Mozilla) C:\Users\Chris\Downloads\Firefox Installer.exe
2017-08-19 16:22 - 2017-08-19 16:22 - 000245816 _____ (Mozilla) C:\Users\Chris\Downloads\Firefox Installer (1).exe
2017-08-19 16:22 - 2017-08-19 16:22 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-19 16:22 - 2017-08-19 16:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-19 16:22 - 2017-08-19 16:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-18 09:59 - 2017-08-18 10:00 - 000000093 _____ C:\Users\Chris\Desktop\Driver Key - Realtek Audio.txt
2017-08-18 07:39 - 2017-08-18 07:40 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Foxit Software
2017-08-18 07:39 - 2017-08-18 07:39 - 000001431 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-08-18 07:39 - 2017-08-18 07:39 - 000000000 ____D C:\Users\Public\Foxit Software
2017-08-18 07:39 - 2017-08-18 07:39 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Foxit AgentInformation
2017-08-18 07:39 - 2017-08-18 07:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-08-18 07:39 - 2017-08-18 07:39 - 000000000 ____D C:\ProgramData\Foxit Software
2017-08-18 07:39 - 2017-08-18 07:39 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2017-08-18 07:39 - 2017-08-18 07:39 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2017-08-18 05:10 - 2017-08-18 05:11 - 000003087 _____ C:\Users\Chris\Desktop\FSS.txt
2017-08-17 06:46 - 2017-08-17 06:46 - 007801424 _____ (Tweaking.com) C:\Users\Chris\Desktop\tweaking.com_hardware_identify_setup.exe
2017-08-16 12:21 - 2017-08-16 12:21 - 000161586 _____ C:\Users\Chris\Desktop\Bleeping Post #2.txt
2017-08-16 11:48 - 2017-08-20 06:39 - 000014329 _____ C:\Users\Chris\Desktop\FRST.txt
2017-08-16 11:43 - 2017-08-20 06:35 - 000000000 ____D C:\Users\Chris\Desktop\FRST-OlderVersion
2017-08-16 11:14 - 2017-08-16 11:39 - 000150308 _____ C:\TDSSKiller.3.1.0.15_16.08.2017_11.14.11_log.txt
2017-08-15 14:12 - 2017-08-15 14:13 - 000000000 ____D C:\Users\Chris\Desktop\CisReport_x64_v10.0.1.6258_20170805-163314
2017-08-15 14:10 - 2017-08-15 14:12 - 000000000 ____D C:\Users\Chris\Desktop\tweaking.com_registry_backup_portable
2017-08-15 13:45 - 2017-08-15 13:45 - 000000000 ____D C:\Users\Chris\AppData\Local\ESET
2017-08-15 13:44 - 2017-08-15 13:44 - 000781312 _____ C:\Users\Chris\Desktop\delfix_1.010.exe
2017-08-15 13:41 - 2017-08-15 13:41 - 035688304 _____ (Adlice Software ) C:\Users\Chris\Desktop\RogueKiller_setup.exe
2017-08-15 13:07 - 2017-08-15 13:07 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Chris\Desktop\esetonlinescanner_enu.exe
2017-08-15 12:23 - 2017-08-15 12:49 - 000287692 _____ C:\TDSSKiller.3.1.0.15_15.08.2017_12.23.33_log.txt
2017-08-15 09:29 - 2017-08-15 09:32 - 000002200 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2017-08-15 09:29 - 2017-08-15 09:29 - 000002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2017-08-15 09:29 - 2017-08-15 09:29 - 000000000 ____D C:\Program Files (x86)\Belarc
2017-08-14 09:59 - 2017-08-14 09:59 - 000000000 _____ C:\Users\Chris\Desktop\Results of GMER Scan - 08_14_2017.txt
2017-08-14 09:45 - 2017-08-14 09:45 - 338425856 _____ C:\Users\Chris\Desktop\Grover.iso
2017-08-13 12:25 - 2017-08-16 11:50 - 000035470 _____ C:\Users\Chris\Desktop\Addition.txt
2017-08-13 12:20 - 2017-08-20 06:39 - 000000000 ____D C:\FRST
2017-08-13 12:20 - 2017-08-20 06:35 - 002395648 _____ (Farbar) C:\Users\Chris\Desktop\FRSTx64.exe
2017-08-13 11:17 - 2017-07-31 18:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-13 11:17 - 2017-07-27 20:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-13 11:16 - 2017-07-31 18:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-13 11:16 - 2017-07-31 18:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-13 11:16 - 2017-07-31 18:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-13 11:16 - 2017-07-31 18:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-13 11:16 - 2017-07-31 18:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-13 11:16 - 2017-07-31 18:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-13 11:16 - 2017-07-31 18:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-13 11:16 - 2017-07-31 18:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-13 11:16 - 2017-07-31 18:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-13 11:16 - 2017-07-31 18:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-13 11:16 - 2017-07-31 18:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-13 11:16 - 2017-07-31 18:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-13 11:16 - 2017-07-31 18:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-13 11:16 - 2017-07-31 18:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-13 11:16 - 2017-07-31 18:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-13 11:16 - 2017-07-31 18:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-13 11:16 - 2017-07-31 18:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-13 11:16 - 2017-07-31 18:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-13 11:16 - 2017-07-31 18:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-13 11:16 - 2017-07-31 18:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-13 11:16 - 2017-07-31 18:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-13 11:16 - 2017-07-31 18:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-13 11:16 - 2017-07-31 18:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-13 11:16 - 2017-07-31 18:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-13 11:16 - 2017-07-31 18:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-13 11:16 - 2017-07-31 17:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-13 11:16 - 2017-07-31 14:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-13 11:16 - 2017-07-27 21:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-13 11:16 - 2017-07-27 21:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-13 11:16 - 2017-07-27 21:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-13 11:16 - 2017-07-27 21:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-13 11:16 - 2017-07-27 20:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-13 11:16 - 2017-07-27 20:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-13 11:16 - 2017-07-27 20:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-13 11:16 - 2017-07-27 20:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-13 11:16 - 2017-07-27 20:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-13 11:16 - 2017-07-27 20:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-13 11:16 - 2017-07-27 20:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-13 11:16 - 2017-07-27 20:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-13 11:16 - 2017-07-27 20:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-13 11:16 - 2017-07-27 20:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-13 11:16 - 2017-07-27 20:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-13 11:16 - 2017-07-27 20:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-13 11:16 - 2017-07-27 20:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-13 11:16 - 2017-07-27 20:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-13 11:16 - 2017-07-27 20:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-13 11:16 - 2017-07-27 20:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-13 11:16 - 2017-07-27 20:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-13 11:16 - 2017-07-27 20:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-13 11:16 - 2017-07-27 20:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-13 11:16 - 2017-07-27 20:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-13 11:16 - 2017-07-27 20:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-13 11:16 - 2017-07-27 20:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-13 11:16 - 2017-07-27 20:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-13 11:16 - 2017-07-27 20:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-13 11:16 - 2017-07-27 20:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-13 11:16 - 2017-07-27 20:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-13 11:16 - 2017-07-27 20:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-13 11:16 - 2017-07-27 20:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-13 11:16 - 2017-07-27 20:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-13 11:16 - 2017-07-27 20:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-13 11:16 - 2017-07-27 20:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-13 11:16 - 2017-07-27 20:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-13 11:16 - 2017-07-27 20:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-13 11:16 - 2017-07-27 20:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-13 11:16 - 2017-07-27 20:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-13 11:16 - 2017-07-27 20:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-13 11:16 - 2017-07-27 20:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-13 11:16 - 2017-07-27 20:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-13 11:16 - 2017-07-27 20:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-13 11:16 - 2017-07-27 20:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-13 11:16 - 2017-07-27 20:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-13 11:16 - 2017-07-27 20:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-13 11:16 - 2017-07-27 20:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-13 11:16 - 2017-07-27 20:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-13 11:16 - 2017-07-27 20:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-13 11:16 - 2017-07-27 20:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-13 11:16 - 2017-07-27 20:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-13 11:16 - 2017-07-27 20:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-13 11:16 - 2017-07-27 20:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-13 11:16 - 2017-07-27 20:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-13 11:16 - 2017-07-27 20:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-13 11:16 - 2017-07-27 20:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-13 11:16 - 2017-07-27 20:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-13 11:16 - 2017-07-27 20:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-13 11:16 - 2017-07-27 20:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-13 11:16 - 2017-07-27 20:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-13 11:16 - 2017-07-27 20:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-13 11:15 - 2017-07-31 18:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-13 11:15 - 2017-07-31 18:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-13 11:15 - 2017-07-31 18:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-13 11:15 - 2017-07-31 18:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-13 11:15 - 2017-07-31 18:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-13 11:15 - 2017-07-31 18:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-13 11:15 - 2017-07-31 18:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-13 11:15 - 2017-07-31 18:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-13 11:15 - 2017-07-31 18:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-13 11:15 - 2017-07-31 18:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-13 11:15 - 2017-07-31 18:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-13 11:15 - 2017-07-31 18:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-13 11:15 - 2017-07-31 18:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-13 11:15 - 2017-07-31 18:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-13 11:15 - 2017-07-31 18:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-13 11:15 - 2017-07-31 18:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-13 11:15 - 2017-07-31 18:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-13 11:15 - 2017-07-31 18:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-13 11:15 - 2017-07-31 18:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-13 11:15 - 2017-07-31 18:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-13 11:15 - 2017-07-31 18:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-13 11:15 - 2017-07-31 18:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-13 11:15 - 2017-07-31 18:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-13 11:15 - 2017-07-31 18:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-13 11:15 - 2017-07-31 18:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-13 11:15 - 2017-07-31 17:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-13 11:15 - 2017-07-31 17:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-13 11:15 - 2017-07-31 17:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-13 11:15 - 2017-07-31 17:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-13 11:15 - 2017-07-31 17:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-13 11:15 - 2017-07-31 17:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-13 11:15 - 2017-07-31 17:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-13 11:15 - 2017-07-31 17:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-13 11:15 - 2017-07-31 17:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-13 11:15 - 2017-07-31 17:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-08-13 11:15 - 2017-07-31 17:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-13 11:15 - 2017-07-31 17:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-13 11:15 - 2017-07-31 17:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-13 11:15 - 2017-07-31 17:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-13 11:15 - 2017-07-31 17:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-13 11:15 - 2017-07-31 17:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-13 11:15 - 2017-07-31 17:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-13 11:15 - 2017-07-31 17:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-13 11:15 - 2017-07-31 17:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-13 11:15 - 2017-07-31 17:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-13 11:15 - 2017-07-31 17:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-13 11:15 - 2017-07-31 17:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-13 11:15 - 2017-07-31 17:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-13 11:15 - 2017-07-31 17:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-13 11:15 - 2017-07-31 17:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-13 11:15 - 2017-07-31 17:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-13 11:15 - 2017-07-31 17:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-13 11:15 - 2017-07-31 17:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-13 11:15 - 2017-07-31 17:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-13 11:15 - 2017-07-31 17:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-13 11:15 - 2017-07-31 17:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-13 11:15 - 2017-07-31 17:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-13 11:15 - 2017-07-31 17:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-13 11:15 - 2017-07-31 17:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-13 11:15 - 2017-07-31 17:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-13 11:15 - 2017-07-31 17:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-13 11:15 - 2017-07-31 17:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-13 11:15 - 2017-07-31 17:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-13 11:15 - 2017-07-31 17:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-13 11:15 - 2017-07-31 17:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-13 11:15 - 2017-07-31 17:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-13 11:15 - 2017-07-31 17:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-13 11:15 - 2017-07-31 17:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-13 11:15 - 2017-07-31 17:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-13 11:15 - 2017-07-27 21:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-13 11:15 - 2017-07-27 21:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-13 11:15 - 2017-07-27 21:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-13 11:15 - 2017-07-27 21:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-13 11:15 - 2017-07-27 21:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-13 11:15 - 2017-07-27 21:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-13 11:15 - 2017-07-27 21:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-13 11:15 - 2017-07-27 21:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-13 11:15 - 2017-07-27 21:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-13 11:15 - 2017-07-27 21:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-13 11:15 - 2017-07-27 21:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-13 11:15 - 2017-07-27 21:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-13 11:15 - 2017-07-27 21:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-13 11:15 - 2017-07-27 21:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-13 11:15 - 2017-07-27 21:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-13 11:15 - 2017-07-27 21:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-13 11:15 - 2017-07-27 21:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-13 11:15 - 2017-07-27 21:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-13 11:15 - 2017-07-27 21:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-13 11:15 - 2017-07-27 21:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-13 11:15 - 2017-07-27 21:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-13 11:15 - 2017-07-27 21:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-13 11:15 - 2017-07-27 21:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-13 11:15 - 2017-07-27 21:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-13 11:15 - 2017-07-27 21:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-13 11:15 - 2017-07-27 21:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-13 11:15 - 2017-07-27 21:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-13 11:15 - 2017-07-27 20:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-13 11:15 - 2017-07-27 20:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-13 11:15 - 2017-07-27 20:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-13 11:15 - 2017-07-27 20:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-13 11:15 - 2017-07-27 20:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-13 11:15 - 2017-07-27 20:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-13 11:15 - 2017-07-27 20:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-13 11:15 - 2017-07-27 20:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-13 11:15 - 2017-07-27 20:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-13 11:15 - 2017-07-27 20:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-13 11:15 - 2017-07-27 20:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-13 11:15 - 2017-07-27 20:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-13 11:15 - 2017-07-27 20:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-13 11:15 - 2017-07-27 20:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-08-13 11:15 - 2017-07-27 20:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2017-08-13 11:15 - 2017-07-27 20:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-13 11:15 - 2017-07-27 20:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-13 11:15 - 2017-07-27 20:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-13 11:15 - 2017-07-27 20:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-13 11:15 - 2017-07-27 20:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-13 11:15 - 2017-07-27 20:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-13 11:15 - 2017-07-27 20:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-13 11:15 - 2017-07-27 20:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-13 11:15 - 2017-07-27 20:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-13 11:15 - 2017-07-27 20:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-13 11:15 - 2017-07-27 20:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-13 11:15 - 2017-07-27 20:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-13 11:15 - 2017-07-27 20:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-13 11:15 - 2017-07-27 20:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-13 11:15 - 2017-07-27 20:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-13 11:15 - 2017-07-27 20:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-13 11:15 - 2017-07-27 20:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-13 11:15 - 2017-07-27 20:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-13 11:15 - 2017-07-27 20:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-08-13 11:15 - 2017-07-27 20:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-13 11:15 - 2017-07-27 20:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-13 11:15 - 2017-07-27 20:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-13 11:15 - 2017-07-27 20:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-13 11:15 - 2017-07-27 20:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-13 11:15 - 2017-07-27 20:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-13 11:15 - 2017-07-27 20:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-13 11:15 - 2017-07-27 20:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-13 11:15 - 2017-07-27 20:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-13 11:15 - 2017-07-27 20:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-13 11:15 - 2017-07-27 20:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-13 11:15 - 2017-07-27 20:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-13 11:15 - 2017-07-27 20:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-13 11:15 - 2017-07-27 20:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-13 11:15 - 2017-07-27 20:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-13 11:15 - 2017-07-27 20:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-13 11:15 - 2017-07-27 20:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-13 11:15 - 2017-07-27 20:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-13 11:15 - 2017-07-27 20:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-13 11:15 - 2017-07-27 20:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-13 11:15 - 2017-07-27 20:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-13 11:15 - 2017-07-27 20:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-13 11:15 - 2017-07-27 20:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-13 11:15 - 2017-07-27 20:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-13 11:15 - 2017-07-27 20:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-13 11:15 - 2017-07-27 20:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-13 11:15 - 2017-07-27 20:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-13 11:15 - 2017-07-27 20:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-13 11:15 - 2017-07-27 20:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-13 11:15 - 2017-07-27 20:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-13 11:15 - 2017-07-27 20:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-13 11:15 - 2017-07-27 20:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-13 11:15 - 2017-07-27 20:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-13 11:15 - 2017-07-27 20:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-13 11:15 - 2017-07-27 20:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-13 11:15 - 2017-07-27 20:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-13 11:15 - 2017-07-27 20:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-13 11:15 - 2017-07-27 20:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-13 11:15 - 2017-07-27 20:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-13 11:15 - 2017-07-27 20:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-13 11:15 - 2017-07-27 20:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-13 11:15 - 2017-07-27 20:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-13 11:15 - 2017-07-27 20:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-13 11:15 - 2017-07-27 20:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-13 11:15 - 2017-07-27 20:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-13 11:15 - 2017-07-27 20:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-13 11:15 - 2017-07-27 20:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-13 11:15 - 2017-07-27 20:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-13 11:15 - 2017-07-27 20:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-13 11:15 - 2017-07-27 20:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-13 11:15 - 2017-07-27 20:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-13 11:15 - 2017-07-27 20:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-13 11:15 - 2017-07-27 20:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-13 11:15 - 2017-07-27 20:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-13 09:22 - 2017-08-14 07:55 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-13 09:21 - 2017-08-14 07:55 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-08-13 09:20 - 2017-08-15 16:56 - 000000000 ____D C:\Users\Chris\Desktop\SmitfraudFix
2017-08-13 09:20 - 2017-08-14 06:59 - 000002523 _____ C:\rapport.txt
2017-08-13 09:20 - 2017-08-14 06:59 - 000000214 _____ C:\WINDOWS\SysWOW64\tmp.reg
2017-08-13 09:20 - 2017-08-14 06:59 - 000000000 _____ C:\WINDOWS\SysWOW64\tmp.txt
2017-08-13 09:20 - 2009-06-02 11:17 - 000075776 _____ C:\WINDOWS\SysWOW64\WS2Fix.exe
2017-08-13 09:20 - 2008-12-12 01:57 - 000078336 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\Agent.OMZ.Fix.exe
2017-08-13 09:20 - 2008-11-29 18:58 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.C.exe
2017-08-13 09:20 - 2008-10-01 15:51 - 000087552 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\VACFix.exe
2017-08-13 09:20 - 2008-09-20 12:45 - 000080384 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\o4Patch.exe
2017-08-13 09:20 - 2008-08-18 12:19 - 000082432 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\404Fix.exe
2017-08-13 09:20 - 2008-05-18 21:40 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.exe
2017-08-13 09:20 - 2007-09-06 00:22 - 000289144 _____ (S!Ri) C:\WINDOWS\SysWOW64\VCCLSID.exe
2017-08-13 09:20 - 2006-12-01 06:20 - 000079360 _____ (SteelWerX) C:\WINDOWS\SysWOW64\swxcacls.exe
2017-08-13 09:20 - 2006-08-29 19:43 - 000135168 _____ (SteelWerX) C:\WINDOWS\SysWOW64\swreg.exe
2017-08-13 09:20 - 2006-04-27 17:49 - 000288417 _____ (S!Ri) C:\WINDOWS\SysWOW64\SrchSTS.exe
2017-08-13 09:20 - 2006-01-09 10:36 - 000040960 _____ C:\WINDOWS\SysWOW64\swsc.exe
2017-08-13 09:20 - 2004-07-31 18:50 - 000051200 _____ C:\WINDOWS\SysWOW64\dumphive.exe
2017-08-13 09:00 - 2017-08-13 09:08 - 1587609600 _____ C:\Users\Chris\Desktop\ubuntu-16.04.3-desktop-amd64.iso
2017-08-13 06:16 - 2017-08-13 06:16 - 000006339 _____ C:\Users\Chris\Desktop\hijackthis_logfile_08_13_2017
2017-08-13 06:10 - 2017-08-13 06:11 - 000156774 _____ C:\TDSSKiller.3.1.0.15_13.08.2017_06.10.12_log.txt
2017-08-13 05:55 - 2017-08-13 06:11 - 000000872 _____ C:\Users\Chris\Desktop\Install Kaspersky Anti-Virus version .lnk
2017-08-13 05:52 - 2017-08-13 05:52 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Chris\Desktop\tdsskiller.exe
2017-08-11 14:17 - 2017-08-11 14:18 - 000156048 _____ C:\TDSSKiller.3.1.0.15_11.08.2017_14.17.46_log.txt
2017-08-11 14:13 - 2017-08-11 14:13 - 000388608 _____ (Trend Micro Inc.) C:\Users\Chris\Desktop\HijackThis.exe
2017-08-11 13:59 - 2017-08-11 13:59 - 000000706 _____ C:\Program Files (x86)\LMIR0002.tmp.bat
2017-08-11 13:59 - 2017-08-11 13:59 - 000000514 _____ C:\Program Files (x86)\LMIR0002.tmp_r.bat
2017-08-11 10:49 - 2017-08-11 10:49 - 000000000 ____D C:\$WINDOWS.~LS
2017-08-11 10:26 - 2017-08-11 10:26 - 3638820864 _____ C:\Users\Test\Desktop\Windows.iso
2017-08-11 10:26 - 2017-08-11 10:26 - 000961144 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Test\Downloads\rufus-2.16 (1).exe
2017-08-11 10:20 - 2017-08-11 10:20 - 018357776 _____ (Microsoft Corporation) C:\Users\Test\Downloads\MediaCreationTool.exe
2017-08-11 10:20 - 2017-08-11 10:20 - 000000000 ___HD C:\$Windows.~WS
2017-08-11 10:02 - 2017-08-11 10:02 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-08-11 10:01 - 2017-08-11 10:35 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-08-11 09:53 - 2017-08-11 09:53 - 000961144 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Test\Downloads\rufus-2.16.exe
2017-08-11 09:53 - 2017-08-11 09:53 - 000000000 ____D C:\Users\Test\AppData\Roaming\WebStorage
2017-08-11 09:52 - 2017-08-11 10:26 - 000000000 ____D C:\Users\Test\AppData\Local\Google
2017-08-11 09:19 - 2017-08-20 06:18 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-11 08:58 - 2017-08-11 08:58 - 000000000 ____D C:\Users\Test\AppData\Roaming\Macromedia
2017-08-11 08:57 - 2017-08-11 08:57 - 000000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2017-08-11 08:44 - 2017-08-11 09:19 - 000000000 ____D C:\Users\Test\AppData\Local\packages
2017-08-11 08:42 - 2017-08-12 10:26 - 000000000 ____D C:\Users\Test\AppData\Local\CrashDumps
2017-08-11 08:42 - 2017-08-11 08:42 - 000001321 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AEGIS_II_AsToastHelper.lnk
2017-08-11 08:42 - 2017-08-11 08:42 - 000000020 ___SH C:\Users\Test\ntuser.ini
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test\Documents\AEGIS II
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test\AppData\Local\TileDataLayer
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test\AppData\Local\DBG
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test\AppData\Local\ConnectedDevicesPlatform
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test\AppData\Local\ASUS
2017-08-11 08:42 - 2017-08-11 08:42 - 000000000 ____D C:\Users\Test
2017-08-11 08:40 - 2017-08-11 09:16 - 000003654 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-08-11 08:34 - 2017-08-13 07:45 - 000000000 ____D C:\WINDOWS\pss
2017-08-11 08:33 - 2017-08-11 15:54 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2017-08-11 08:33 - 2017-08-11 13:59 - 000000000 ____D C:\Users\Chris\AppData\Local\LogMeIn Rescue Applet
2017-08-11 08:33 - 2017-08-11 08:33 - 000002297 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support.lnk
2017-08-11 06:47 - 2017-08-11 06:52 - 000000216 _____ C:\Users\Chris\Desktop\Windows 10 Home - ProduKey.txt
2017-08-11 06:45 - 2017-08-11 06:52 - 000000000 ____D C:\Users\Chris\Desktop\produkey-x64
2017-08-10 07:29 - 2017-08-10 07:29 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Sync App Settings
2017-08-09 10:51 - 2017-08-09 10:51 - 000000488 _____ C:\WINDOWS\Tasks\DriverMax Notification.job
2017-08-09 10:51 - 2017-08-09 10:51 - 000000000 ____D C:\Users\Chris\My Drivers
2017-08-09 10:50 - 2017-08-09 10:50 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Innovative Solutions
2017-08-09 10:50 - 2017-08-09 10:50 - 000000000 ____D C:\Users\Chris\AppData\Local\Innovative Solutions
2017-08-09 10:50 - 2017-08-09 10:50 - 000000000 ____D C:\My Drivers
2017-08-09 10:42 - 2017-08-09 10:42 - 000000000 ____D C:\Users\Public\Thunder Network
2017-08-09 10:42 - 2017-08-09 10:42 - 000000000 ____D C:\ProgramData\Thunder Network
2017-08-09 10:41 - 2017-08-09 10:50 - 000000000 ____D C:\Program Files (x86)\OSTotoSoft
2017-08-09 10:41 - 2017-08-09 10:41 - 012175000 _____ (OSToto Co., Ltd.) C:\Users\Chris\Desktop\DriverTalent_setup.exe
2017-08-09 10:41 - 2017-08-09 10:41 - 000000000 ____D C:\Users\Chris\AppData\Roaming\DriverTalent
2017-08-09 10:41 - 2017-08-09 10:41 - 000000000 ____D C:\ProgramData\DriverTalent
2017-08-09 10:41 - 2017-08-09 10:41 - 000000000 ____D C:\OSTotoFolder
2017-08-08 20:58 - 2017-08-08 20:59 - 000000000 ____D C:\Users\Chris\AppData\Roaming\EAC
2017-08-08 20:58 - 2017-08-08 20:58 - 000001146 _____ C:\Users\Public\Desktop\Exact Audio Copy.lnk
2017-08-08 20:58 - 2017-08-08 20:58 - 000000000 ____D C:\Users\Chris\AppData\Roaming\AccurateRip
2017-08-08 20:58 - 2017-08-08 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2017-08-08 20:58 - 2017-08-08 20:58 - 000000000 ____D C:\Program Files (x86)\Exact Audio Copy
2017-08-08 16:05 - 2017-08-08 17:00 - 000028973 _____ C:\Users\Chris\Desktop\MTB.txt
2017-08-08 16:03 - 2017-08-08 16:03 - 000000555 _____ C:\Users\Chris\Desktop\JRT.txt
2017-08-07 13:02 - 2017-08-07 13:08 - 334098432 _____ C:\Users\Chris\Desktop\kav_rescue_10.iso
2017-08-07 12:59 - 2017-08-07 12:59 - 005200384 _____ (AVAST Software) C:\Users\Chris\Desktop\aswmbr.exe
2017-08-07 12:58 - 2017-08-07 12:58 - 000380928 _____ C:\Users\Chris\Desktop\iexplore.exe.exe
2017-08-07 11:46 - 2017-08-07 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2017-08-07 11:27 - 2017-08-07 11:27 - 019733696 _____ (Microsoft Corporation) C:\Users\Chris\Desktop\MediaCreationToolx64.exe
2017-08-07 10:03 - 2017-08-07 10:16 - 000000000 ___HD C:\$SysReset
2017-08-07 09:34 - 2017-08-07 09:34 - 044003024 _____ (Microsoft Corporation) C:\Users\Chris\Desktop\Windows-KB890830-x64-V5.50.exe
2017-08-06 06:12 - 2017-08-06 06:12 - 000000416 _____ C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
2017-08-06 06:12 - 2017-07-11 12:41 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-08-06 06:12 - 2017-07-11 12:36 - 004784320 _____ (COMODO) C:\ProgramData\cis681E.exe
2017-08-06 06:07 - 2017-08-06 06:07 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2017-08-06 06:07 - 2017-08-06 06:07 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-08-06 05:58 - 2017-08-18 15:19 - 000000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2017-08-05 16:38 - 2017-08-05 16:38 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IM-Magic Partition Resizer Free
2017-08-05 16:09 - 2017-08-05 16:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-08-05 15:45 - 2017-08-06 06:14 - 000000000 ____D C:\Program Files (x86)\Comodo
2017-08-05 15:45 - 2017-08-06 06:08 - 000000000 ____D C:\Users\Chris\AppData\Local\Comodo
2017-08-05 15:43 - 2017-08-06 06:14 - 000000000 ____D C:\ProgramData\Comodo
2017-08-05 15:43 - 2017-08-05 15:43 - 000000000 ____D C:\ProgramData\Shared Space
2017-08-05 15:43 - 2017-08-05 15:43 - 000000000 ____D C:\ProgramData\Comodo Downloader
2017-08-04 18:55 - 2017-08-04 18:55 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2017-08-04 18:55 - 2017-08-04 18:55 - 000000000 ____D C:\Program Files\Unlocker
2017-08-04 12:22 - 2017-08-04 12:22 - 243020056 _____ (Sophos Limited) C:\Users\Chris\Desktop\SophosInstall.exe
2017-08-04 11:19 - 2017-08-14 09:50 - 000000000 ____D C:\Users\Chris\Desktop\gmer
2017-08-04 11:14 - 2017-08-04 20:49 - 000000000 ____D C:\ProgramData\Sophos
2017-08-04 11:13 - 2017-08-04 20:48 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-08-04 11:13 - 2017-08-04 11:13 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-08-04 11:13 - 2017-08-04 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-08-04 07:27 - 2017-08-04 07:28 - 000003543 _____ C:\Users\Chris\Desktop\Bleeping Computer - Broni Help.txt
2017-08-04 07:26 - 2017-08-04 07:26 - 173494704 _____ (Sophos Limited) C:\Users\Chris\Desktop\Sophos Virus Removal Tool.exe
2017-08-04 07:26 - 2017-08-04 07:26 - 001790024 _____ (Malwarebytes) C:\Users\Chris\Desktop\Junkware Removal Tool.exe
2017-08-04 07:25 - 2017-08-04 07:25 - 008185288 _____ (Malwarebytes) C:\Users\Chris\Desktop\AdwCleaner.exe
2017-08-04 07:25 - 2017-08-04 07:25 - 000448512 _____ (OldTimer Tools) C:\Users\Chris\Desktop\Temp File Cleaner.exe
2017-08-03 14:08 - 2015-06-30 21:33 - 004506840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-08-03 14:08 - 2015-06-30 20:17 - 002897741 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-08-03 14:08 - 2015-06-30 19:36 - 001748696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-08-03 14:08 - 2015-06-30 16:04 - 000184688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-08-03 14:08 - 2015-06-30 15:10 - 002931416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-08-03 14:08 - 2015-06-30 15:10 - 002585816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2017-08-03 14:08 - 2015-06-26 20:10 - 001310936 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-08-03 14:08 - 2015-06-25 17:43 - 002461528 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2017-08-03 14:08 - 2015-06-25 17:43 - 002393432 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2017-08-03 14:08 - 2015-06-24 23:41 - 000944984 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2017-08-03 14:08 - 2015-06-24 23:41 - 000349528 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-08-03 14:08 - 2015-06-22 14:43 - 002702552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-08-03 14:08 - 2015-06-17 14:45 - 003234520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-08-03 14:08 - 2015-06-11 19:40 - 003157796 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2017-08-03 14:08 - 2015-06-10 13:20 - 003129672 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2017-08-03 14:08 - 2015-06-10 13:20 - 000728392 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2017-08-03 14:08 - 2015-06-09 11:17 - 005708736 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2017-08-03 14:08 - 2015-06-02 19:25 - 001576976 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-08-03 14:08 - 2015-05-25 15:18 - 003195416 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2017-08-03 14:08 - 2015-05-15 19:27 - 002918104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-08-03 14:08 - 2015-05-11 18:53 - 012996528 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2017-08-03 14:08 - 2015-05-11 13:08 - 001374640 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2017-08-03 14:08 - 2015-05-11 13:08 - 001192368 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2017-08-03 14:08 - 2015-05-11 13:08 - 001145264 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2017-08-03 14:08 - 2015-05-11 13:08 - 000980400 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2017-08-03 14:08 - 2015-04-27 16:09 - 000328816 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2017-08-03 14:08 - 2015-04-24 05:42 - 000858256 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-08-03 14:08 - 2015-04-24 05:42 - 000684176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-08-03 14:08 - 2015-04-24 05:42 - 000435856 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-08-03 14:08 - 2015-04-24 05:41 - 000555664 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2017-08-03 14:08 - 2015-04-13 16:25 - 003262184 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2017-08-03 14:08 - 2015-02-05 17:48 - 012834736 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2017-08-03 14:08 - 2015-02-05 17:48 - 002789808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2017-08-03 14:08 - 2015-02-04 00:38 - 001413776 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-08-03 14:08 - 2015-02-04 00:38 - 000454288 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-08-03 14:08 - 2015-02-04 00:38 - 000369296 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-08-03 14:08 - 2015-02-04 00:38 - 000329360 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-08-03 14:08 - 2015-02-04 00:38 - 000329360 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-08-03 14:08 - 2015-01-23 18:16 - 000213432 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaemaxapo64.dll
2017-08-03 14:08 - 2015-01-19 18:10 - 072113152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-08-03 14:08 - 2014-12-11 08:10 - 001104040 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-08-03 14:08 - 2014-12-11 08:10 - 000943784 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-08-03 14:08 - 2014-12-11 08:10 - 000734376 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-08-03 14:08 - 2014-12-11 08:10 - 000250536 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-08-03 14:08 - 2014-12-09 07:42 - 006255888 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2017-08-03 14:08 - 2014-12-09 07:42 - 001933584 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2017-08-03 14:08 - 2014-12-09 07:42 - 000349968 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2017-08-03 14:08 - 2014-12-09 07:42 - 000298768 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2017-08-03 14:08 - 2014-11-11 13:44 - 000631000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-08-03 14:08 - 2014-10-24 10:12 - 005234952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2017-08-03 14:08 - 2014-10-24 10:12 - 000995120 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2017-08-03 14:08 - 2014-09-24 11:31 - 007087448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-08-03 14:08 - 2014-09-24 11:31 - 001939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-08-03 14:08 - 2014-09-24 11:31 - 000315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-08-03 14:08 - 2014-09-24 11:31 - 000261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-08-03 14:08 - 2014-06-17 19:17 - 000856992 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-08-03 14:08 - 2014-06-09 10:59 - 000560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-08-03 14:08 - 2014-05-22 16:24 - 000096568 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-08-03 14:08 - 2014-04-10 12:19 - 002101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2017-08-03 14:08 - 2014-04-10 12:19 - 002041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2017-08-03 14:08 - 2014-02-27 20:02 - 002162992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2017-08-03 14:08 - 2014-01-31 17:27 - 001313904 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2017-08-03 14:08 - 2013-10-11 12:47 - 000113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-08-03 14:08 - 2013-10-11 11:31 - 000947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-08-03 14:08 - 2013-10-07 00:26 - 000501184 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2017-08-03 14:08 - 2013-10-07 00:26 - 000487360 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2017-08-03 14:08 - 2013-10-07 00:26 - 000415680 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2017-08-03 14:08 - 2013-08-14 15:36 - 000662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2017-08-03 14:08 - 2013-08-14 15:35 - 000663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2017-08-03 14:08 - 2013-07-23 15:39 - 014048512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2017-08-03 14:08 - 2013-07-23 15:39 - 000922880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2017-08-03 14:08 - 2013-06-25 12:47 - 000871856 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2017-08-03 14:08 - 2013-06-25 12:47 - 000162224 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2017-08-03 14:08 - 2013-06-25 12:46 - 000582056 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2017-08-03 14:08 - 2013-06-21 11:01 - 000109848 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-08-03 14:08 - 2013-04-03 14:13 - 000906800 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2017-08-03 14:08 - 2012-08-31 19:18 - 007164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-08-03 14:08 - 2012-08-31 19:17 - 000434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-08-03 14:08 - 2012-08-31 19:17 - 000141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-08-03 14:08 - 2012-08-31 19:17 - 000124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-08-03 14:08 - 2012-08-31 19:17 - 000075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-08-03 14:08 - 2012-03-08 11:47 - 000108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-08-03 14:08 - 2012-01-10 10:20 - 000065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-08-03 14:08 - 2011-12-20 15:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-08-03 14:08 - 2011-09-02 14:21 - 000221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-08-03 14:08 - 2011-09-02 14:21 - 000081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-08-03 14:08 - 2011-09-02 14:21 - 000078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-08-03 14:08 - 2011-08-23 17:00 - 000603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 001756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 001568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 001486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-08-03 14:08 - 2011-05-31 09:42 - 000241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-08-03 14:08 - 2011-03-17 12:17 - 001361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-08-03 14:08 - 2011-03-07 17:11 - 000148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-08-03 14:08 - 2010-11-08 07:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-08-03 14:08 - 2010-09-27 09:34 - 000318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2017-08-03 14:08 - 2010-07-22 16:48 - 000074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-08-03 14:08 - 2009-11-24 09:55 - 000518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-08-03 14:08 - 2009-11-24 09:55 - 000211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-08-03 14:08 - 2009-11-24 09:55 - 000198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-08-03 14:08 - 2009-11-24 09:55 - 000155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-08-03 14:04 - 2017-08-03 14:04 - 000000000 ____D C:\Users\Chris\AppData\Roaming\ASUS
2017-08-03 13:14 - 2017-08-03 13:14 - 000000000 ____D C:\Program Files\Common Files\Nikon
2017-08-03 13:14 - 2017-08-03 13:14 - 000000000 ____D C:\Program Files (x86)\Nikon
2017-08-03 13:13 - 2017-08-06 06:16 - 000000000 ____D C:\Program Files\Nikon
2017-08-03 13:13 - 2017-08-03 13:13 - 000002163 _____ C:\Users\Public\Desktop\Capture NX-D.lnk
2017-08-03 13:13 - 2017-08-03 13:13 - 000000000 ____D C:\WINDOWS\Downloaded Installations
2017-08-03 13:13 - 2017-08-03 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capture NX-D
2017-08-03 13:08 - 2017-08-03 13:08 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-08-03 13:03 - 2017-08-03 14:02 - 000000000 ____D C:\Nikon Coolpix S6800
2017-08-03 08:37 - 2017-08-03 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-08-03 08:37 - 2017-08-03 08:37 - 000000000 ____D C:\Program Files\7-Zip
2017-08-03 07:46 - 2017-08-03 13:14 - 000000000 ____D C:\Users\Chris\AppData\Local\Downloaded Installations
2017-08-03 07:32 - 2017-08-03 07:32 - 000000000 ____D C:\Users\Chris\AppData\Roaming\FireShot
2017-08-02 22:52 - 2017-08-14 08:38 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-02 22:51 - 2017-08-14 08:38 - 000000000 ____D C:\Users\Chris\Desktop\mbar
2017-08-02 21:58 - 2017-08-02 23:25 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Chris\Desktop\rkill.exe
2017-08-02 21:57 - 2017-08-02 21:57 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Chris\Desktop\mbar-1.09.3.1001.exe
2017-08-02 21:56 - 2017-08-02 21:56 - 000892416 _____ (Farbar) C:\Users\Chris\Desktop\MiniToolBox.exe
2017-08-02 21:55 - 2017-08-02 21:55 - 000852798 _____ C:\Users\Chris\Desktop\SecurityCheck.exe
2017-08-02 18:46 - 2017-07-06 22:31 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-08-02 18:46 - 2017-07-06 22:00 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-02 18:46 - 2017-07-06 21:59 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-08-02 18:46 - 2017-07-06 21:58 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-08-02 18:46 - 2017-07-06 21:58 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-08-02 18:46 - 2017-06-19 21:15 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-08-02 18:46 - 2017-06-19 21:08 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-02 18:46 - 2017-06-19 21:04 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-08-02 18:46 - 2017-06-19 21:02 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-08-02 18:46 - 2017-06-19 21:00 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-02 18:46 - 2017-06-19 20:39 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-08-02 18:46 - 2017-06-19 20:35 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-08-02 18:46 - 2017-06-19 20:35 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-02 18:46 - 2017-06-19 20:34 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-02 18:46 - 2017-06-19 20:34 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-08-02 18:45 - 2017-07-07 06:00 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-08-02 18:45 - 2017-07-06 23:26 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-08-02 18:45 - 2017-07-06 23:25 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-08-02 18:45 - 2017-07-06 23:24 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-08-02 18:45 - 2017-07-06 23:22 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-08-02 18:45 - 2017-07-06 23:21 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-08-02 18:45 - 2017-07-06 23:20 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-08-02 18:45 - 2017-07-06 23:20 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-08-02 18:45 - 2017-07-06 23:14 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-08-02 18:45 - 2017-07-06 23:13 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-08-02 18:45 - 2017-07-06 23:11 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-08-02 18:45 - 2017-07-06 23:10 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-08-02 18:45 - 2017-07-06 23:10 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-08-02 18:45 - 2017-07-06 23:09 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-08-02 18:45 - 2017-07-06 23:07 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-02 18:45 - 2017-07-06 23:07 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-02 18:45 - 2017-07-06 22:57 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-08-02 18:45 - 2017-07-06 22:57 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-08-02 18:45 - 2017-07-06 22:37 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-08-02 18:45 - 2017-07-06 22:37 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-08-02 18:45 - 2017-07-06 22:31 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-08-02 18:45 - 2017-07-06 22:30 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-08-02 18:45 - 2017-07-06 22:29 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-08-02 18:45 - 2017-07-06 22:27 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-08-02 18:45 - 2017-07-06 22:27 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-08-02 18:45 - 2017-07-06 22:26 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-08-02 18:45 - 2017-07-06 22:25 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-08-02 18:45 - 2017-07-06 22:22 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-08-02 18:45 - 2017-07-06 22:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-08-02 18:45 - 2017-07-06 22:19 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-08-02 18:45 - 2017-07-06 22:18 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-08-02 18:45 - 2017-07-06 22:18 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-08-02 18:45 - 2017-07-06 22:18 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-08-02 18:45 - 2017-07-06 22:17 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-08-02 18:45 - 2017-07-06 22:17 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-02 18:45 - 2017-07-06 22:16 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-08-02 18:45 - 2017-07-06 22:15 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-08-02 18:45 - 2017-07-06 22:14 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-02 18:45 - 2017-07-06 22:14 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-08-02 18:45 - 2017-07-06 22:14 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-08-02 18:45 - 2017-07-06 22:14 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-08-02 18:45 - 2017-07-06 22:13 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-08-02 18:45 - 2017-07-06 22:12 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-08-02 18:45 - 2017-07-06 22:12 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-08-02 18:45 - 2017-07-06 22:12 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-08-02 18:45 - 2017-07-06 22:11 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-08-02 18:45 - 2017-07-06 22:11 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-08-02 18:45 - 2017-07-06 22:11 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-02 18:45 - 2017-07-06 22:10 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-08-02 18:45 - 2017-07-06 22:09 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-08-02 18:45 - 2017-07-06 22:08 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-08-02 18:45 - 2017-07-06 22:07 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-08-02 18:45 - 2017-07-06 22:07 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-08-02 18:45 - 2017-07-06 22:06 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-08-02 18:45 - 2017-07-06 22:06 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-08-02 18:45 - 2017-07-06 22:06 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-08-02 18:45 - 2017-07-06 22:05 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-08-02 18:45 - 2017-07-06 22:05 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-08-02 18:45 - 2017-07-06 22:04 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-08-02 18:45 - 2017-07-06 22:04 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-08-02 18:45 - 2017-07-06 22:04 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-08-02 18:45 - 2017-07-06 22:03 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-08-02 18:45 - 2017-07-06 22:02 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-08-02 18:45 - 2017-07-06 22:01 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-02 18:45 - 2017-07-06 22:00 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-08-02 18:45 - 2017-07-06 22:00 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-02 18:45 - 2017-07-06 21:59 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-08-02 18:45 - 2017-07-06 21:58 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-08-02 18:45 - 2017-07-06 21:55 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-08-02 18:45 - 2017-07-06 21:55 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-08-02 18:45 - 2017-07-06 21:53 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-08-02 18:45 - 2017-07-06 21:53 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-08-02 18:45 - 2017-07-01 14:52 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-08-02 18:45 - 2017-06-19 22:17 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-08-02 18:45 - 2017-06-19 22:16 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-08-02 18:45 - 2017-06-19 22:15 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-08-02 18:45 - 2017-06-19 22:11 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-08-02 18:45 - 2017-06-19 22:11 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-08-02 18:45 - 2017-06-19 22:10 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-02 18:45 - 2017-06-19 22:08 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-02 18:45 - 2017-06-19 22:05 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-08-02 18:45 - 2017-06-19 22:04 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-02 18:45 - 2017-06-19 22:03 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-08-02 18:45 - 2017-06-19 22:02 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-08-02 18:45 - 2017-06-19 22:00 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-08-02 18:45 - 2017-06-19 21:59 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-08-02 18:45 - 2017-06-19 21:59 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-08-02 18:45 - 2017-06-19 21:58 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-08-02 18:45 - 2017-06-19 21:34 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-08-02 18:45 - 2017-06-19 21:15 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-02 18:45 - 2017-06-19 21:14 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-08-02 18:45 - 2017-06-19 21:13 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-08-02 18:45 - 2017-06-19 21:13 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-08-02 18:45 - 2017-06-19 21:12 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-08-02 18:45 - 2017-06-19 21:12 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-08-02 18:45 - 2017-06-19 21:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-08-02 18:45 - 2017-06-19 21:11 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-08-02 18:45 - 2017-06-19 21:10 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-08-02 18:45 - 2017-06-19 21:10 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-08-02 18:45 - 2017-06-19 21:10 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-08-02 18:45 - 2017-06-19 21:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-08-02 18:45 - 2017-06-19 21:09 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-08-02 18:45 - 2017-06-19 21:09 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-08-02 18:45 - 2017-06-19 21:09 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-08-02 18:45 - 2017-06-19 21:09 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-08-02 18:45 - 2017-06-19 21:09 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-08-02 18:45 - 2017-06-19 21:08 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-08-02 18:45 - 2017-06-19 21:08 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-08-02 18:45 - 2017-06-19 21:08 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-08-02 18:45 - 2017-06-19 21:08 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-08-02 18:45 - 2017-06-19 21:08 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-08-02 18:45 - 2017-06-19 21:07 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-08-02 18:45 - 2017-06-19 21:06 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-08-02 18:45 - 2017-06-19 21:06 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-08-02 18:45 - 2017-06-19 21:06 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-08-02 18:45 - 2017-06-19 21:05 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-08-02 18:45 - 2017-06-19 21:05 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-08-02 18:45 - 2017-06-19 21:04 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-08-02 18:45 - 2017-06-19 21:04 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-08-02 18:45 - 2017-06-19 21:04 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-08-02 18:45 - 2017-06-19 21:03 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-08-02 18:45 - 2017-06-19 21:03 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-08-02 18:45 - 2017-06-19 21:02 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-08-02 18:45 - 2017-06-19 21:01 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-02 18:45 - 2017-06-19 21:00 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-08-02 18:45 - 2017-06-19 20:59 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-08-02 18:45 - 2017-06-19 20:56 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-08-02 18:45 - 2017-06-19 20:49 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-08-02 18:45 - 2017-06-19 20:49 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-08-02 18:45 - 2017-06-19 20:46 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-08-02 18:45 - 2017-06-19 20:45 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-08-02 18:45 - 2017-06-19 20:45 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-08-02 18:45 - 2017-06-19 20:43 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-08-02 18:45 - 2017-06-19 20:42 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-08-02 18:45 - 2017-06-19 20:42 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-08-02 18:45 - 2017-06-19 20:42 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-08-02 18:45 - 2017-06-19 20:42 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-08-02 18:45 - 2017-06-19 20:42 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-08-02 18:45 - 2017-06-19 20:41 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-08-02 18:45 - 2017-06-19 20:41 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-08-02 18:45 - 2017-06-19 20:41 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-08-02 18:45 - 2017-06-19 20:41 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-08-02 18:45 - 2017-06-19 20:41 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-08-02 18:45 - 2017-06-19 20:40 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-08-02 18:45 - 2017-06-19 20:40 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-08-02 18:45 - 2017-06-19 20:40 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-08-02 18:45 - 2017-06-19 20:40 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-02 18:45 - 2017-06-19 20:39 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-08-02 18:45 - 2017-06-19 20:39 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-08-02 18:45 - 2017-06-19 20:39 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-08-02 18:45 - 2017-06-19 20:39 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-02 18:45 - 2017-06-19 20:38 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-08-02 18:45 - 2017-06-19 20:38 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-08-02 18:45 - 2017-06-19 20:38 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-08-02 18:45 - 2017-06-19 20:38 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-08-02 18:45 - 2017-06-19 20:38 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-08-02 18:45 - 2017-06-19 20:37 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-08-02 18:45 - 2017-06-19 20:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-08-02 18:45 - 2017-06-19 20:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-08-02 18:45 - 2017-06-19 20:30 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-08-02 18:45 - 2017-06-19 20:30 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-08-02 18:45 - 2017-06-19 20:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-08-02 18:45 - 2017-06-19 20:28 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-08-02 18:44 - 2017-07-06 23:27 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-02 18:44 - 2017-07-06 23:27 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-02 18:44 - 2017-07-06 23:27 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-02 18:44 - 2017-07-06 23:27 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-08-02 18:44 - 2017-07-06 23:27 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-08-02 18:44 - 2017-07-06 23:17 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-08-02 18:44 - 2017-07-06 23:14 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-08-02 18:44 - 2017-07-06 23:13 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-08-02 18:44 - 2017-07-06 23:12 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-02 18:44 - 2017-07-06 23:10 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-08-02 18:44 - 2017-07-06 22:27 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-08-02 18:44 - 2017-07-06 22:27 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-08-02 18:44 - 2017-07-06 22:27 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-08-02 18:44 - 2017-07-06 22:27 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-08-02 18:44 - 2017-07-06 22:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-08-02 18:44 - 2017-07-06 22:22 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-02 18:44 - 2017-07-06 22:21 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-08-02 18:44 - 2017-07-06 22:19 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-08-02 18:44 - 2017-07-06 22:19 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-08-02 18:44 - 2017-07-06 22:18 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-08-02 18:44 - 2017-07-06 22:13 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-08-02 18:44 - 2017-07-06 22:12 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-02 18:44 - 2017-07-06 22:12 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-08-02 18:44 - 2017-07-06 22:12 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-08-02 18:44 - 2017-07-06 22:11 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-08-02 18:44 - 2017-07-06 22:11 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-08-02 18:44 - 2017-07-06 22:11 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-08-02 18:44 - 2017-07-06 22:07 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-08-02 18:44 - 2017-07-06 22:07 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-08-02 18:44 - 2017-07-06 22:05 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-08-02 18:44 - 2017-07-06 22:04 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-08-02 18:44 - 2017-07-06 22:04 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-08-02 18:44 - 2017-06-19 22:18 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-08-02 18:44 - 2017-06-19 22:18 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-08-02 18:44 - 2017-06-19 22:17 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-08-02 18:44 - 2017-06-19 22:17 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-08-02 18:44 - 2017-06-19 22:17 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-08-02 18:44 - 2017-06-19 22:17 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-08-02 18:44 - 2017-06-19 22:16 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-08-02 18:44 - 2017-06-19 22:03 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-08-02 18:44 - 2017-06-19 22:02 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-08-02 18:44 - 2017-06-19 22:00 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-08-02 18:44 - 2017-06-19 22:00 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-08-02 18:44 - 2017-06-19 21:59 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-08-02 18:44 - 2017-06-19 21:58 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-08-02 18:44 - 2017-06-19 21:58 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-08-02 18:44 - 2017-06-19 21:16 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-08-02 18:44 - 2017-06-19 21:16 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-08-02 18:44 - 2017-06-19 21:14 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-08-02 18:44 - 2017-06-19 21:13 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-08-02 18:44 - 2017-06-19 21:13 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-08-02 18:44 - 2017-06-19 21:13 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-08-02 18:44 - 2017-06-19 21:12 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-08-02 18:44 - 2017-06-19 21:09 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-08-02 18:44 - 2017-06-19 21:09 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-08-02 18:44 - 2017-06-19 21:09 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-08-02 18:44 - 2017-06-19 21:09 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-08-02 18:44 - 2017-06-19 21:09 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-08-02 18:44 - 2017-06-19 21:08 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-08-02 18:44 - 2017-06-19 21:07 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-08-02 18:44 - 2017-06-19 21:07 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-08-02 18:44 - 2017-06-19 21:07 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-08-02 18:44 - 2017-06-19 21:07 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-08-02 18:44 - 2017-06-19 21:06 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-08-02 18:44 - 2017-06-19 21:06 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-08-02 18:44 - 2017-06-19 21:06 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-08-02 18:44 - 2017-06-19 21:06 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-08-02 18:44 - 2017-06-19 21:06 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-02 18:44 - 2017-06-19 21:05 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-08-02 18:44 - 2017-06-19 21:05 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-08-02 18:44 - 2017-06-19 21:05 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-08-02 18:44 - 2017-06-19 21:05 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-08-02 18:44 - 2017-06-19 21:05 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-08-02 18:44 - 2017-06-19 21:04 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-08-02 18:44 - 2017-06-19 21:04 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-08-02 18:44 - 2017-06-19 21:02 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-08-02 18:44 - 2017-06-19 21:02 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-08-02 18:44 - 2017-06-19 21:01 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-08-02 18:44 - 2017-06-19 21:01 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-08-02 18:44 - 2017-06-19 21:01 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-08-02 18:44 - 2017-06-19 21:01 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-08-02 18:44 - 2017-06-19 21:00 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-02 18:44 - 2017-06-19 20:57 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-08-02 18:44 - 2017-06-19 20:57 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-08-02 18:44 - 2017-06-19 20:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-08-02 18:02 - 2017-08-11 09:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-02 17:02 - 2017-08-02 21:56 - 000899584 _____ (Farbar) C:\Users\Chris\Desktop\FSS.exe
2017-08-02 12:56 - 2017-08-15 09:57 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-02 12:29 - 2017-08-04 12:30 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-08-01 09:01 - 2017-08-17 16:48 - 000544424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-01 07:44 - 2017-08-01 07:44 - 000000000 ____D C:\Users\Chris\AppData\Local\Publishers
2017-08-01 07:23 - 2017-08-01 07:23 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-TT96U0C-Windows-10-Home-(64-bit).dat
2017-08-01 07:23 - 2017-08-01 07:23 - 000000000 ____D C:\RegBackup
2017-08-01 06:12 - 2017-08-18 13:20 - 000002239 _____ C:\Users\Chris\Desktop\Tweaking.com - Windows Repair.lnk
2017-08-01 06:11 - 2017-08-01 06:11 - 000000574 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2017-08-01 06:11 - 2017-08-01 06:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-08-01 06:11 - 2017-08-01 06:11 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-07-31 20:35 - 2017-08-13 05:54 - 000001591 _____ C:\Users\Chris\Desktop\Install Kaspersky Anti-Virus version 17.0.0.611.lnk
2017-07-31 20:29 - 2017-07-31 20:29 - 000000000 ____D C:\Program Files (x86)\Panda Security
2017-07-31 20:28 - 2017-07-31 20:29 - 000000000 ____D C:\ProgramData\Panda Security
2017-07-31 20:26 - 2017-08-13 12:53 - 000001249 _____ C:\Users\Chris\Desktop\IM-Magic Partition Resizer Free.lnk
2017-07-31 20:26 - 2017-07-31 20:26 - 000000000 ____D C:\Program Files\IM-Magic
2017-07-31 20:21 - 2017-07-31 20:21 - 000000000 ____D C:\Users\Chris\AppData\Local\Zemana
2017-07-31 09:45 - 2017-08-15 09:58 - 000000000 ____D C:\AdwCleaner
2017-07-31 09:45 - 2017-07-31 09:45 - 000000000 ____D C:\Users\Chris\AppData\Roaming\AVAST Software
2017-07-31 09:43 - 2017-08-02 12:29 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150170579535903
2017-07-31 09:42 - 2017-07-31 09:44 - 000126352 _____ C:\TDSSKiller.3.1.0.15_31.07.2017_09.42.40_log.txt
2017-07-31 09:40 - 2017-08-04 15:07 - 000000000 ____D C:\ProgramData\AVAST Software
2017-07-30 21:08 - 2017-07-30 21:08 - 000000000 ____D C:\Users\Chris\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
2017-07-29 18:32 - 2017-08-20 06:19 - 000001953 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-07-29 18:32 - 2017-07-29 18:32 - 000000000 ____D C:\Program Files\Defraggler
2017-07-29 06:02 - 2017-07-31 20:33 - 000000000 ____D C:\Users\TEMP.DESKTOP-TT96U0C.003
2017-07-29 06:02 - 2017-07-29 06:02 - 000000020 ___SH C:\Users\TEMP.DESKTOP-TT96U0C.003\ntuser.ini
2017-07-28 16:58 - 2017-07-31 20:33 - 000000000 ____D C:\Users\TEMP.DESKTOP-TT96U0C.002
2017-07-28 16:58 - 2017-07-28 16:58 - 000000020 ___SH C:\Users\TEMP.DESKTOP-TT96U0C.002\ntuser.ini
2017-07-28 15:55 - 2017-07-28 15:56 - 000126352 _____ C:\TDSSKiller.3.1.0.15_28.07.2017_15.55.30_log.txt
2017-07-27 10:39 - 2017-07-27 10:40 - 295249968 _____ (Acronis) C:\Users\Chris\Downloads\atih_installer_hd_4061_en-US.exe
2017-07-27 10:38 - 2017-07-27 10:39 - 000000900 _____ C:\Users\Chris\Desktop\Allway_Sync.lnk
2017-07-27 10:17 - 2017-07-27 10:17 - 000001150 _____ C:\Users\Chris\Desktop\Brain Workshop.lnk
2017-07-27 10:17 - 2017-07-27 10:17 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Brain Workshop
2017-07-27 10:17 - 2017-07-27 10:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brain Workshop
2017-07-27 10:17 - 2017-07-27 10:17 - 000000000 ____D C:\Program Files (x86)\Brain Workshop
2017-07-27 09:54 - 2017-07-31 20:33 - 000000000 ____D C:\Users\TEMP.DESKTOP-TT96U0C.001
2017-07-27 09:54 - 2017-07-27 09:54 - 000000020 ___SH C:\Users\TEMP.DESKTOP-TT96U0C.001\ntuser.ini
2017-07-27 09:51 - 2017-07-27 09:51 - 000024576 _____ C:\WINDOWS\system32\UserMgrLog.etl
2017-07-27 09:51 - 2017-07-27 09:51 - 000006144 _____ C:\WINDOWS\system32\umstartup.etl
2017-07-27 09:46 - 2017-08-01 06:31 - 000000000 ____D C:\Users\TEMP.DESKTOP-TT96U0C.000
2017-07-27 09:14 - 2017-07-31 20:33 - 000000000 ____D C:\Users\TEMP.DESKTOP-TT96U0C
2017-07-27 09:14 - 2017-07-27 09:14 - 000000020 ___SH C:\Users\TEMP.DESKTOP-TT96U0C\ntuser.ini
2017-07-27 09:12 - 2017-07-27 09:12 - 000006064 _____ C:\TDSSKiller.3.1.0.15_27.07.2017_09.12.32_log.txt
2017-07-27 09:11 - 2017-07-27 09:11 - 000000562 _____ C:\TDSSKiller.3.1.0.15_27.07.2017_09.11.05_log.txt
2017-07-27 09:09 - 2017-07-27 09:09 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-07-27 09:06 - 2017-07-27 09:10 - 000406738 _____ C:\TDSSKiller.3.1.0.15_27.07.2017_09.06.20_log.txt
2017-07-27 08:57 - 2017-07-27 08:58 - 000026604 _____ C:\TDSSKiller.3.1.0.15_27.07.2017_08.57.46_log.txt
2017-07-27 07:52 - 2017-07-27 07:52 - 000000000 ____D C:\Users\Chris\AppData\Local\Macromedia
2017-07-27 07:47 - 2017-08-03 09:13 - 000000000 ____D C:\Users\Chris\AppData\Local\Adobe
2017-07-27 05:11 - 2017-07-27 05:11 - 000000000 ____D C:\Users\TEMP\Documents\AEGIS II
2017-07-27 05:11 - 2017-07-27 05:11 - 000000000 ____D C:\Users\TEMP\AppData\Local\ASUS
2017-07-27 05:09 - 2017-07-31 20:33 - 000000000 ____D C:\Users\TEMP
2017-07-27 05:09 - 2017-07-27 05:09 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2017-07-26 13:13 - 2017-08-09 10:32 - 000000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-07-26 13:13 - 2017-08-09 10:32 - 000000726 _____ C:\Users\Chris\Desktop\Windows 10 Update Assistant.lnk
2017-07-26 10:50 - 2017-07-26 10:50 - 000057724 _____ C:\Users\Chris\Documents\cc_20170726_105000.reg
2017-07-26 10:18 - 2017-08-13 11:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-26 10:17 - 2017-08-13 11:18 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-26 09:31 - 2017-07-26 09:55 - 000000000 ____D C:\Users\Chris\AppData\Roaming\ImgBurn
2017-07-26 09:20 - 2017-08-08 19:47 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-07-26 09:18 - 2017-07-26 09:18 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Logitech
2017-07-26 09:16 - 2017-07-26 09:23 - 000000000 ____D C:\Program Files\Logitech
2017-07-26 09:16 - 2017-07-26 09:18 - 000000000 ____D C:\Users\Chris\AppData\Roaming\LogiShrd
2017-07-26 09:16 - 2017-07-26 09:16 - 000000000 ____D C:\Users\Chris\AppData\Local\CEF
2017-07-26 09:15 - 2017-07-26 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-07-26 09:15 - 2017-07-26 09:19 - 000000000 ____D C:\ProgramData\LogiShrd
2017-07-26 09:14 - 2017-08-14 09:52 - 000001941 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2017-07-26 09:14 - 2017-08-07 11:46 - 000001953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-07-26 09:14 - 2017-07-26 09:20 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
2017-07-26 09:14 - 2017-07-26 09:14 - 000000000 ____D C:\Program Files (x86)\ImgBurn
2017-07-26 06:35 - 2017-07-26 06:35 - 000478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\402E7A16.sys
2017-07-26 06:35 - 2017-07-26 06:35 - 000000000 ____D C:\KVRT_Data
2017-07-26 05:45 - 2017-07-26 05:45 - 000000544 _____ C:\WINDOWS\system32\.crusader
2017-07-26 04:43 - 2017-08-11 10:26 - 000000000 ____D C:\ESD
2017-07-26 02:30 - 2017-08-11 10:44 - 000000000 _____ C:\Recovery.txt
2017-07-25 19:15 - 2017-08-01 04:48 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-07-25 19:15 - 2017-07-26 10:02 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-07-25 19:15 - 2017-07-25 19:15 - 000000000 ____D C:\Program Files\McAfee.com
2017-07-25 19:15 - 2017-07-25 19:15 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-25 16:56 - 2017-07-25 16:56 - 000000000 ____D C:\Users\Chris\Computer
2017-07-25 16:55 - 2017-08-05 12:14 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-07-25 16:55 - 2017-08-05 12:14 - 000001969 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-07-25 16:55 - 2017-07-25 16:55 - 000000000 ____D C:\Users\Chris\AppData\Local\DBG
2017-07-25 16:55 - 2017-07-25 16:55 - 000000000 ____D C:\Program Files\HitmanPro
2017-07-25 16:54 - 2017-07-26 05:45 - 000000000 ____D C:\ProgramData\HitmanPro
2017-07-25 16:22 - 2017-07-31 20:34 - 000000000 ____D C:\Program Files (x86)\ClamWin
2017-07-25 14:14 - 2017-08-11 10:38 - 000000000 ____D C:\$Windows.~BT
2017-07-25 13:53 - 2017-07-25 13:53 - 000000000 ____D C:\Users\Chris\AppData\Local\VirtualStore

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-20 06:16 - 2017-07-13 11:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-19 23:36 - 2017-07-13 12:19 - 000001051 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-19 23:36 - 2017-07-13 10:10 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2017-08-19 17:00 - 2017-07-13 10:23 - 000000000 ____D C:\WINDOWS\INF
2017-08-19 16:22 - 2017-07-13 12:43 - 000001000 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-19 08:00 - 2017-07-13 12:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-18 17:48 - 2017-07-13 10:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-18 15:23 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-18 15:22 - 2016-06-01 05:39 - 000338824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-18 15:18 - 2017-07-13 10:35 - 000217864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-18 13:43 - 2016-09-29 21:07 - 000345650 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-08-18 08:23 - 2017-02-02 12:40 - 000000000 ____D C:\Users\Chris\Desktop\Chris Files
2017-08-17 16:52 - 2017-07-13 10:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-17 16:30 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_957
2017-08-16 17:40 - 2017-01-31 16:50 - 000000000 ____D C:\Users\Chris\AppData\LocalLow\Mozilla
2017-08-16 16:48 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_592
2017-08-15 17:24 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_190
2017-08-15 15:46 - 2017-07-13 12:29 - 000001025 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-08-14 16:22 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_118
2017-08-13 21:29 - 2017-07-13 12:25 - 000000000 ____D C:\Users\Chris\AppData\Local\ElevatedDiagnostics
2017-08-13 20:49 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_422
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-08-13 11:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-13 11:32 - 2017-07-13 10:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-13 11:22 - 2017-07-13 10:15 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-13 10:45 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_294
2017-08-13 06:33 - 2017-07-13 12:58 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-08-11 10:26 - 2017-07-13 10:09 - 000000000 ____D C:\WINDOWS\Panther
2017-08-11 09:53 - 2017-07-13 10:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-11 09:53 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-08-11 09:15 - 2016-09-29 21:26 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-08-11 09:15 - 2016-09-29 21:26 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-08-11 09:10 - 2016-09-29 21:09 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-11 09:09 - 2017-07-13 10:41 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-11 09:01 - 2017-07-13 13:51 - 000000000 ____D C:\ProgramData\APRP
2017-08-09 10:51 - 2017-07-13 10:57 - 000000000 ____D C:\Users\Chris
2017-08-09 10:32 - 2017-07-13 12:23 - 000000000 ____D C:\Windows10Upgrade
2017-08-07 12:24 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_987
2017-08-05 17:20 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_616
2017-08-05 10:01 - 2017-03-06 07:44 - 000000000 ____D C:\Computer
2017-08-04 16:31 - 2008-02-19 17:10 - 000081920 _____ (Soeperman Enterprises Ltd.) C:\Users\Chris\Desktop\BFU.exe
2017-08-03 14:09 - 2017-07-13 10:40 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-08-03 14:09 - 2017-07-13 10:40 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-08-03 14:09 - 2016-09-29 21:03 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-08-03 13:15 - 2016-06-01 05:41 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-03 11:48 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_658
2017-08-03 09:13 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-03 09:13 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-02 18:52 - 2017-07-13 11:10 - 000000000 ____D C:\Users\Chris\AppData\Local\packages
2017-08-01 12:32 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_846
2017-08-01 10:39 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_455
2017-08-01 07:38 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_496
2017-08-01 07:28 - 2015-10-29 23:24 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_60
2017-07-31 20:34 - 2017-07-13 13:08 - 000000270 _____ C:\WINDOWS\Tasks\McAfeeLogon.job
2017-07-31 20:34 - 2017-07-13 10:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-07-31 20:34 - 2017-07-13 10:10 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-31 20:34 - 2016-06-01 05:51 - 000000000 ____D C:\ProgramData\McAfee
2017-07-31 07:15 - 2017-07-13 10:26 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 07:15 - 2017-07-13 10:26 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-26 17:34 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-26 17:33 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-07-26 17:32 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\Provisioning
2017-07-26 10:03 - 2017-07-13 10:24 - 000000000 ____D C:\WINDOWS\appcompat
2017-07-25 19:17 - 2016-06-01 05:51 - 000000000 ____D C:\Program Files\mcafee
2017-07-25 19:17 - 2015-10-29 23:24 - 000000124 _____ C:\WINDOWS\win.ini
2017-07-25 19:13 - 2017-07-13 13:07 - 000000000 _____ C:\Users\Chris\AppData\Roaming\MCVi2UserDetail.ini

==================== Files in the root of some directories =======

2017-08-11 13:59 - 2017-08-11 13:59 - 000000706 _____ () C:\Program Files (x86)\LMIR0002.tmp.bat
2017-08-11 13:59 - 2017-08-11 13:59 - 000000514 _____ () C:\Program Files (x86)\LMIR0002.tmp_r.bat
2017-07-13 13:07 - 2017-07-25 19:13 - 000000000 _____ () C:\Users\Chris\AppData\Roaming\MCVi2UserDetail.ini
2017-08-06 06:12 - 2017-07-11 12:36 - 004784320 _____ (COMODO) C:\ProgramData\cis681E.exe
2017-08-06 06:12 - 2017-07-11 12:41 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-07-13 10:40 - 2017-07-13 10:40 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\ProgramData\cis681E.exe
C:\ProgramData\cmdres.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-13 21:28

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Chris (20-08-2017 06:40:33)
Running from C:\Users\Chris\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-13 19:07:26)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-152517617-1602392019-748697119-500 - Administrator - Disabled)
Chris (S-1-5-21-152517617-1602392019-748697119-1001 - Administrator - Enabled) => C:\Users\Chris
DefaultAccount (S-1-5-21-152517617-1602392019-748697119-503 - Limited - Disabled)
Guest (S-1-5-21-152517617-1602392019-748697119-501 - Limited - Disabled)
Test (S-1-5-21-152517617-1602392019-748697119-1006 - Administrator - Enabled) => C:\Users\Test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AEGIS II - Boost Launcher (HKLM-x32\...\{4829AFF2-F50E-44F6-8BC5-C985F2C24CE1}) (Version: 3.00.06 - ASUSTeK Computer Inc.)
AEGIS II - GameALive (HKLM-x32\...\{9A689EB4-C4FA-49C1-80A5-EC49A7F43046}) (Version: 3.00.21 - ASUSTeK Computer Inc.)
AEGIS II - Lighting (HKLM-x32\...\{E7691292-4F73-4EC6-A3F8-126BFDC987F5}) (Version: 3.00.19 - ASUSTeK Computer Inc.)
AEGIS II - System Usage (HKLM-x32\...\{E8D6582C-D43C-452A-9F75-1D8C6BC0AA12}) (Version: 3.00.06 - ASUSTeK Computer Inc.)
AEGIS II - Threshold Setting (HKLM-x32\...\{6C5979A6-97A8-4D0C-8A3F-4F49D2A13055}) (Version: 3.00.07 - ASUSTeK Computer Inc.)
AEGIS II (HKLM-x32\...\{A9FDB6CC-F2D6-4903-87BC-1537931F11B0}) (Version: 2.01.04 - ASUSTeK Computer Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.26.1 - Asmedia Technology)
ASUS App Box (HKLM-x32\...\{F0CE6060-50B1-401E-8357-B6E24DB98D21}) (Version: 1.01.09 - ASUSTeK Computer Inc.)
ASUS Command - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.17 - ASUSTeK Computer Inc.)
ASUS Command - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.01.13 - ASUSTeK Computer Inc.)
ASUS Command - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.17 - ASUSTeK Computer Inc.)
ASUS Command - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.18 - ASUSTeK Computer Inc.)
ASUS Command - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.09 - ASUSTeK Computer Inc.)
ASUS Command - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Command (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.11.01 - ASUSTeK Computer Inc.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Brain Workshop 4.8.4 (HKLM-x32\...\Brain Workshop_is1) (Version: 4.8.4 - Paul Hoskinson & Jonathan Toomim)
Capture NX-D (HKLM\...\{2D088846-B670-47AF-91C3-76E0B3E887C3}) (Version: 1.4.5 - Nikon Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.1 - ASUSTek Computer Inc.)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Exact Audio Copy 1.3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.1.21155 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IM-Magic Partition Resizer Free 2017 (HKLM-x32\...\IM_Magic_PR) (Version: 2017 - IM-Magic Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 55.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.2 (x64 en-US)) (Version: 55.0.2 - Mozilla)
Mozilla Firefox 55.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.2 (x86 en-US)) (Version: 55.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.879.110515 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0282 - REALTEK Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.1 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-10-21] (NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B628FA1-549D-4AB8-9BD8-F978449E7B8B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {0CAAD5B0-D99B-45EB-87E4-73549342B363} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.) <==== ATTENTION
Task: {10560CE2-E384-4320-97E8-19B31B4DBB1C} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {16CC14BF-CC6F-48C0-99F5-21374547D563} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {191706EB-30DC-4CAF-9893-F99418BBC7E7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-25] (ASUSTek Computer Inc.)
Task: {2B92089D-CED5-4F82-AFED-E256DD0520B5} - System32\Tasks\ASUS\ASUS OCULUS WIZARD HELPER => C:\PROGRAM FILES (X86)\ASUS\ASUS OCULUS WIZARD\ASOCULUSCHECK.EXE [2016-03-01] (ASUSTeK COMPUTER INC.)
Task: {3460E8CD-20E9-43A4-A7C6-CCD63FA30440} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {44246604-2AB2-4C62-A479-F4378B68C683} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2015-11-30] ()
Task: {54BE101E-6C08-4D15-9F42-581CE7CF6E61} - System32\Tasks\ASUS\AEGIS_II Lighting CD_Rom Execute => C:\Program Files (x86)\ASUS\AEGIS II\Lighting\CheckCD_RomLighting.exe [2015-09-24] ()
Task: {6B08E212-2D20-4F63-9D62-D12877E02A82} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2014-03-19] (ASUSTeK Computer Inc.)
Task: {6CAB5548-69C1-4334-8A23-803A1234FE6F} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2016-07-15] ()
Task: {743D16EB-F3A0-4AC3-BE93-1D9FC1705DA6} - System32\Tasks\ASUS\AEGIS II Matrix => C:\Program Files (x86)\ASUS\AEGIS II\LaunchAtStartupHelper.exe [2015-03-13] ()
Task: {7D2DD800-8017-440A-A0C0-B2B100A2921B} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2016-07-15] ()
Task: {886FF21B-CC5A-4C8D-A0D0-9DDC74846B56} - System32\Tasks\ASUS\AEGIS_II Lighting AudioDetect Execute => C:\Program Files (x86)\ASUS\AEGIS II\Lighting\AudioDetect.exe [2015-08-11] ()
Task: {8B9AF170-7ECC-4CAC-9C5A-CB24A9BBE8FF} - System32\Tasks\ASUS\AEGIS II SysInfo Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_SysMode.exe [2015-04-22] (ASUSTeK Computer Inc.)
Task: {9CEE68ED-04C8-4A8B-BA29-6CD6A66B4893} - System32\Tasks\ASUS\AEGIS II - Boost Launcher => C:\Program Files (x86)\ASUS\AEGIS II\Boost Launcher\BLMonitor.exe [2015-04-20] ()
Task: {A55F1505-34B4-4F2C-BE01-4DD24CA7DEFC} - System32\Tasks\ASUS\AEGIS II Alert Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AlertService.exe [2015-02-12] (ASUSTeK Computer Inc.)
Task: {BA7CA5FE-D2D8-4E7F-9BF9-0232A5F9B4A0} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2015-02-02] ()
Task: {C4FF6099-B11B-44C3-AA26-505D6EB896BF} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {D8D6D13E-77BE-4CD6-847D-4702B46FBCA3} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {D9381437-6969-4980-A387-7577DF0B9E42} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {ECE215FD-6E46-40E1-A30E-7115D976CA28} - System32\Tasks\ASUS\AEGIS II System Level Up Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsSysLevelUpSrc.exe [2015-02-12] (ASUSTeK Computer Inc.)
Task: {F7D34C1C-01D9-4926-B6A9-00745D9FD45D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {F9FFEA1C-F81F-4201-8459-243C4178F9D8} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2015-07-07] (ASUSTeK)
Task: {FAD02530-D87F-4153-B436-147D74696532} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {FF3D5825-9974-4855-B0BA-D16E610357BE} - System32\Tasks\ASUS\AEGIS II Toast Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsToastHelper.exe [2015-02-12] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cis681E.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DriverMax Notification.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\McAfeeLogon.job => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-07-14 20:44 - 2010-07-14 20:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-09-29 21:16 - 2014-08-27 14:48 - 000907776 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll
2016-06-01 05:41 - 2015-04-20 17:06 - 000860160 _____ () C:\Windows\BoostLauncherMenu\x64\ContextMenuHandler.dll
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 12:59 - 2017-03-18 18:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-02 10:33 - 2017-08-02 10:33 - 000014576 _____ () C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dvvqihha.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\sss64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\402E7A16.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Sound, Video and Game Controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21560227.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\402E7A16.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-29 23:24 - 2017-08-18 14:04 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-152517617-1602392019-748697119-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\Pictures\Wallpapers & Images\Large Photos & Wallpaper\Makena Cove_Maui, HI.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: USODiskOptimizer => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "StereoLinksInstall"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKU\S-1-5-21-152517617-1602392019-748697119-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-152517617-1602392019-748697119-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6C58AD39-6523-43CE-BC83-FC45743E9497}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7F93AC36-F4C0-40C7-A661-90DE1C235E18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B066A2A0-D80D-44D5-8940-701F4F39071B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D689FB5E-4CB8-428E-886B-929853229E93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{71539D78-CBB0-41B7-80FA-FF77B66B3E40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{49F82B16-E081-4952-B1A5-3006409BC5AE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{87D0D4EB-2201-4AD1-9F0D-A80E2C736282}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AA203F70-3DCC-4115-9D87-F29EB8838AA3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4A64472A-1823-4083-856E-B050325CE72D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19DF0BB3-5279-424A-AD7C-E4C18715CD7C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3586D135-8F0E-4530-BF1A-D42BAC1BEE03}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE
FirewallRules: [{00BE55C0-FBF8-44D9-9126-6684CA2CB69C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EF537B44-2BBA-4AC1-9F20-07F230E7C6A1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2017 08:13:36 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (08/19/2017 08:13:34 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (08/19/2017 08:13:27 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (08/19/2017 04:13:35 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (08/18/2017 02:43:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AEGIS_II_SysMode.exe, version: 2.0.0.6, time stamp: 0x552fb8bc
Faulting module name: KERNELBASE.dll, version: 10.0.15063.502, time stamp: 0xc3955624
Exception code: 0x0eedfade
Fault offset: 0x000eb802
Faulting process id: 0x1858
Faulting application start time: 0x01d31873592edcf2
Faulting application path: C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_SysMode.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 680c6b4c-1414-4915-b8a9-c39c235129d6
Faulting package full name:
Faulting package-relative application ID:

Error: (08/18/2017 02:43:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AEGIS_II_AsSysLevelUpSrc.exe, version: 2.2.0.6, time stamp: 0x54dc3ed9
Faulting module name: KERNELBASE.dll, version: 10.0.15063.502, time stamp: 0xc3955624
Exception code: 0x0eedfade
Fault offset: 0x000eb802
Faulting process id: 0x1894
Faulting application start time: 0x01d3187359300e1c
Faulting application path: C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsSysLevelUpSrc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: cba7aaee-f24e-4c00-9f06-dc9735f3b1fd
Faulting package full name:
Faulting package-relative application ID:

Error: (08/18/2017 02:42:55 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (08/18/2017 02:42:55 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (08/18/2017 02:42:48 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (08/18/2017 02:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AEGIS_II_SysMode.exe, version: 2.0.0.6, time stamp: 0x552fb8bc
Faulting module name: KERNELBASE.dll, version: 10.0.15063.502, time stamp: 0xc3955624
Exception code: 0x0eedfade
Fault offset: 0x000eb802
Faulting process id: 0x1904
Faulting application start time: 0x01d31872945e29f6
Faulting application path: C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_SysMode.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: cfc191b8-3154-48b3-bd9e-ffbe5e9ed59b
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (08/20/2017 06:41:06 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/20/2017 06:41:00 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/20/2017 06:40:34 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/20/2017 06:40:34 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/20/2017 06:40:30 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/20/2017 06:40:30 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/20/2017 06:40:30 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/20/2017 06:39:18 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/20/2017 06:39:07 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/20/2017 06:39:07 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TT96U0C)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
  Date: 2017-08-06 05:57:33.896
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:57:29.697
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:57:27.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:55:30.973
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:55:30.962
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:55:30.956
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-06 05:54:24.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 10%
Total physical RAM: 16313.24 MB
Available physical RAM: 14600.64 MB
Total Virtual: 18745.24 MB
Available Virtual: 17239.46 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:535.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 27B0BCE0)

Partition: GPT.

==================== End of Addition.txt ============================



#5 SquidBoy02


Posted 20 August 2017 - 10:26 AM

Hi, nasdaq...

I also took a look at the list of Apps I have under Windows 10 Home...and at the very end is a program named Unavailable, which *won't allow* me to Modify or Uninstall...e.g., the buttons are "de-toggled."

The date of the program - 7/13/2017 - is approximately the date that I began to have problems after the MS Update.

Just FYI...

-- S.B.



#6 nasdaq


Posted 20 August 2017 - 01:14 PM


Hi,

This looks like the solution to your problem.

Follow the instructions on this page.
https://www.windowscentral.com/windows-10-creators-update-common-problems-and-fixes#fix_creators_update_windows_update_install_errors

If at any time you need advice before proceeding please ask.

#7 SquidBoy02


Posted 20 August 2017 - 02:20 PM

Hi,

I'm trying everything you listed...and so far nothing is working.

As mentioned before, any attempt to alter the Master Boot Record results in a crash of the system.  Opening Update & Security - It starts to open, and then closes suddenly.  Everything else is shutting down, too, when I attempt to open it.

I'll keep going and update on Monday.

I'm almost 100% Certain that the UEFI or BIOS portion of the MotherBoard is corrupted...and my next attempt to fix will involve: Power Down & Remove Power Cord - Discharge Remaining Power with multiple presses of the Power On Button - Remove the CMOS Battery and press Power On Button multiple times...wait for 15 minutes...Replace CMOS Battery & Power Cord and attempt to flash BIOS using a flash utility on a flash drive when I enter BIOS on Boot.

If flashing the BIOS doesn't work, then I'm not sure what I'll do.

Thanks,

--S.B.



#8 SquidBoy02


Posted 21 August 2017 - 06:34 PM

Update...

As of today, Monday, nothing has worked to solve my problem...even though I've applied everything listed in the last link to Solutions.

Are there any persons who have specific knowledge regarding: Hidden Master Boot Record Hi-Jacks / BIOS Bootkits / Rootkits that occur in Windows 10?

In my case, this infection occurred at the same time as an update to Creator's Update, v.1703...and it appears to be a Bootkit / Rootkit / UEFI / Firmware Infection.  Every attempt to shut it down, or use a detection tool (aswMBR, GMER, etc.) results in a Windows Stop Code and crash of my system.

Any help is welcome, as this is just prior to Thermonuclear War on the System - CMOS clear via Battery Removal, BIOS Flash, and ultimately...new Mother-Board.

All suggestions welcome...

-- S.B.



#9 nasdaq


Posted 22 August 2017 - 07:43 AM



Hi,

Yes apparently the last Windows 10 Update failed on your computer.

I found this article.
How to Upgrade to Windows 10 Creators Update version 1703 using ISO File from Versions 1507, 1511 and 1607
https://www.bleepingcomputer.com/forums/t/654100/windows-10-update-1703-failed-and-in-a-loop/



I also found in this topic, in the Windows 10 Forum.
https://www.bleepingcomputer.com/forums/t/654100/windows-10-update-1703-failed-and-in-a-loop/

Follow the instructions submitted by zainmax

If at any time you need advice before proceeding please call.

#10 SquidBoy02


Posted 22 August 2017 - 10:12 AM

Thank You...Malware Response Team.

I'll give these a try, and then get back to you with the results.

I'm a bit skeptical that this will work, though, because my system says that I currently am running v.1703, Creator's Update, but I Can't Boot Normally...it just "Hangs"...Boots Only in Trouble-Shooting to Safe Mode w/ Networking...and every tool I've used to detect Rootkits / Bootkits in the Master Boot Record has crashed the system - GMER, Avast aswmbr - creating a Windows Stop Code, suggesting, to me at least, that I've got a different "Gremlin" or "Ghost in the Machine" that is subverting my efforts.

Crossing my fingers...and I'll give it another try.

Thanks for the persistence!

-- S.B.



#11 nasdaq


Posted 22 August 2017 - 01:05 PM

Hi,

You can check with the Windows 10 Experts in this forum.

https://www.bleepingcomputer.com/forums/f/229/windows-10-support/

#12 SquidBoy02


Posted 24 August 2017 - 09:53 AM

Hi, Nasdaq...

I've been going through the problem fixes listed in the previous links, and so far I still don't have a solution to the No Boot.  I'm still working at it, and I'll post what I find.

Currently, I'm working through the HD Boot Sector at the moment using the link you provided for the Windows 10 Experts.  Specifically I'm doing a sfc /scannow via Windows Power Shell (Admin) on the C: drive and it's going through its paces.

https://www.bleepingcomputer.com/forums/t/653994/windows-wont-boot/

I'll check in again in a day or so.

Thx, - S.B.



#13 SquidBoy02


Posted 27 August 2017 - 11:58 AM

Okay...Status Update:

I've about given up on repairing this system.  I've persisted in my efforts, and nothing has worked so far, and every indication is that I have a Rootkit / Bootkit infection.

Every attempt to repair the MBR and boot normally has either crashed the repair, or the startup runs into an infinite loop with the Microsoft Beads circling for hours.  Every Rootkit Remover Program crashes part way through in the process of detection...I'm guessing it's thwarted by the Rootkit itself...and the GMER Rootkit program crashes, but it did yield the following log the last time I ran it.

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-08-25 12:26:11
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000035 TOSHIBA_DT01ACA100 rev.MS2OA7L0 931.51GB
Running: iexplore.exe.exe; Driver: C:\Users\Chris\AppData\Local\Temp\fwxdipob.sys


---- Disk sectors - GMER 2.2 ----

Disk    \Device\Harddisk0\DR0                        unknown MBR code

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [652:680]      ffff91df41dd9ac0
Thread  c:\windows\system32\svchost.exe [1112:1188]  00007ffaa0e376d0
Thread  c:\windows\system32\svchost.exe [1112:1204]  00007ffa9c9c14a0
Thread  c:\windows\system32\svchost.exe [1212:1304]  00007ffaa0e376d0
Thread  c:\windows\system32\svchost.exe [1328:1472]  00007ffa9c1943c0
Thread  c:\windows\system32\svchost.exe [1424:1544]  00007ffa9bc96790
Thread  C:\WINDOWS\system32\svchost.exe [1588:1612]  00007ffaa2f6ae60
Thread  C:\WINDOWS\system32\svchost.exe [1588:1624]  00007ffa9ab82690
Thread  C:\WINDOWS\system32\ctfmon.exe [3932:936]    00007ffa926a3f50
Thread  C:\WINDOWS\system32\ctfmon.exe [3932:1004]   00007ffaa34076c0
Thread  C:\WINDOWS\system32\ctfmon.exe [3932:944]    00007ffa9235eaa0
Thread  C:\WINDOWS\system32\ctfmon.exe [3932:800]    00007ffa922dba00
Thread  C:\WINDOWS\system32\ctfmon.exe [3932:4024]   00007ffa922dba00
Thread  C:\WINDOWS\system32\ctfmon.exe [3932:3308]   00007ffa922dba00
Thread  C:\WINDOWS\system32\ctfmon.exe [3932:3344]   00007ffa922dba00
Thread  C:\WINDOWS\system32\ctfmon.exe [3932:1384]   00007ffa922dba00

---- EOF - GMER 2.2 ----

The Microsoft Level 2 Techs can't figure it out as the Rootkit / Bootkit is thwarting the usual fixes, even the self-repair in Windows 10, and their latest plan is to format the HDD and try again.  Not REALLY a big help, there.  I installed a brand new HDD and every effort to install was unsuccessful...so I don't think it's only on the HDD, but possibly in the BIOS itself??  Does that make sense?

Meanwhile, I'm transferring my last set of files to an external HDD and pondering the "Nuclear Option:" - preparing to pull the CMOS Battery on the Motherboard, Flash the BIOS, do a Deep Format of the HDD using DBAN (Darik's Boot & Nuke) and begin again after purging the Motherboard of all energy in capacitors, etc.

Although this time, when I reinstall, I might very well just stick with a LINUX Mint 18.2 install, and say farewell to Windows forever.  I'm going to be saving images of the HDD weekly from here on, in order to restore if this happens again.

Questions:

  • If this doesn't work, is it reasonable to consider a new Motherboard with better features?  I believe it's a mini-ITX board in limited space, so my options might be limited.
  • Also, is this CPU embedded on the Mobo...or can I transfer it to a different board?
  • Is there a program available which will protect me from this type of infection in the future?
  • And finally, is there a brand of Motherboard which facilitates more ready repairs to the system (better BIOS control, etc.) - e.g. Gigabyte, others?

Thoughts or Suggestions on my current plans are very welcome.

-- S.B.

ASUS G11CD Desktop Computer

 

Operating System
    Windows 10 Home 64-bit
CPU
    Intel Core i7 @ 3.40GHz
    Skylake 14nm Technology
RAM
    16.0GB
Motherboard
    ASUSTeK COMPUTER INC. G11CD (LGA1151)
    %1 Chipset
Graphics
    This service cannot be started in Safe Mode
Storage
    931GB TOSHIBA DT01ACA100 (SATA)    35 °C
Optical Drives
    ASUS DVD RAM GHD1N
Audio
    Realtek High Definition Audio



#14 nasdaq


Posted 28 August 2017 - 07:52 AM



Hi,

First submit the file in Bold to VirusTotal.
https://www.virustotal.com/#/home/upload

C:\WINDOWS\system32\csrss.exe

If found to be infected let me know and will take it from there.

In the event that it's clean continue.


The Microsoft Level 2 Techs can't figure it out as the Rootkit / Bootkit is thwarting the usual fixes, even the self-repair in Windows 10, and their latest plan is to format the HDD and try again


We have a Windows 10 Forum but not sure if someone there can help you with your problems.
You can read the various topics or Start a new one for your situation.
https://www.bleepingcomputer.com/forums/f/229/windows-10-support/

Questions:
If this doesn't work, is it reasonable to consider a new Motherboard with better features? I believe it's a mini-ITX board in limited space, so my options might be limited.
Also, is this CPU embedded on the Mobo...or can I transfer it to a different board?
Is there a program available which will protect me from this type of infection in the future?
And finally, is there a brand of Motherboard which facilitates more ready repairs to the system (better BIOS control, etc.) - e.g. Gigabyte, others?


Hardware is not my forte so best you check with the experts in the Windows 10.


Is there a program available which will protect me from this type of infection in the future?

Only if we knew what we are dealing with.

I will keep this topic open for 6 days. If you need to return please do.

#15 SquidBoy02


Posted 28 August 2017 - 09:15 AM

Hi, Nasdaq...

Not sure if I understand what to do...

I searched my system, and I DO have that program...but not csrss.exe...it's csrss as an Application.

** I clicked on the Upload and Scan File button, and navigated to csrss to submit it...and it came back as (0/65) - No Engines Detected This File.  BUT...I am running in Safe Mode, and it wasn't the *.exe file.

Back to you...

-- S.B.





