Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser image, video searches by itself


  • This topic is locked This topic is locked
77 replies to this topic

#1 NickS111

NickS111

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 16 August 2017 - 09:59 AM

The issue began around 8 months ago if not longer. To primary devices used in home are HP desktop and Dell laptop both where running Win8.1, both updated via MS update to Win10. Both were bough new at Costco. Both came with McAfee. Both switched to Malwarebytes.

And we have other devices (Kindles for kids, playstation, wii, Blu-ray, smart phones) that access wifi home router.

 

Somehow, we picked update some kind of Trojan, Malware, not sure what it is that will open the browser and the search engine will search for images of butts, naked pics followed by more porn. Sometimes its video searches. This usually only affects the desktop and laptop. This is obviously very distressing to my family. We have never seen anything like this.

 

To date, we have tried the following;

 

- replaced Router and Modem

- set DNS to OpenDNS family settings. Good at stopping unwanted domains but not good at stopping image searches.

- replaced anti-virus software; to Malwarebytes. Unfortunately, MB always comes back with no threats report.

- Reloaded Win10, issue still occurred.

- Browsers; changed from IE to Firefox, Chrome, same issues occurred. Changed search engines to Google, Duckduckgo and Bing. Google doesn't block image searches very well as they are imbedded in html. Bing is better, but the program initiating the search turns off the Strict filter.

- other scans; tried Spybot and other adware type programs hoping to find something. all come back clean.

Attached Files


Edited by britechguy, 16 August 2017 - 10:09 AM.
Deleted duplicate topics and corrected typo in title


BC AdBot (Login to Remove)

 


#2 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 16 August 2017 - 10:06 AM

I was having a problem posting to the forum. It kept timing out.

 

Here are the actual scans:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2017 01
Ran by Nick (15-08-2017 20:47:23)
Running from C:\Users\Nick\Desktop
Windows 10 Home Version 1607 (X64) (2017-07-29 23:57:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-73530200-423008673-1402658419-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-73530200-423008673-1402658419-503 - Limited - Disabled)
Guest (S-1-5-21-73530200-423008673-1402658419-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-73530200-423008673-1402658419-1003 - Limited - Enabled)
Nick (S-1-5-21-73530200-423008673-1402658419-1001 - Administrator - Enabled) => C:\Users\Nick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{F68DF314-BD12-4549-941C-521CB8D16DDE}) (Version: 40.11.1122.1796 - HP Inc.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
KB4023057 (HKLM\...\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}) (Version: 2.0.0.0 - Microsoft Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-73530200-423008673-1402658419-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-25] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2F0B6BD4-71A6-4C7F-B464-D620AF9D9A0C} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe [2017-07-12] (Microsoft Corporation)
Task: {32640525-5668-4830-959A-BB27EB453DD0} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe [2017-07-12] (Microsoft Corporation)
Task: {91F34992-A15B-4809-9A53-935AB6E6907A} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {B868CAA4-437B-4B4D-9999-A091DF7ADB87} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-07-29 17:23 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-08-07 16:28 - 2017-06-21 00:48 - 002681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-15 10:36 - 2016-09-06 21:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-24 16:41 - 2017-03-03 23:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-24 16:42 - 2017-03-03 23:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-24 16:42 - 2017-03-03 23:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-24 16:42 - 2017-03-03 23:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-12 13:01 - 2017-03-03 23:05 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-08-12 13:01 - 2017-08-01 11:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-12 13:01 - 2017-08-01 11:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2010-06-16 14:42 - 2010-06-16 14:42 - 000839680 _____ () C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
2017-07-29 17:55 - 2017-07-29 17:56 - 013207232 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-07-29 17:55 - 2017-07-29 17:56 - 001199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-08-11 18:58 - 2017-08-11 18:58 - 000019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-08-11 18:58 - 2017-08-11 18:58 - 028986880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-11 18:58 - 2017-08-11 18:58 - 000428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-11 18:58 - 2017-08-11 18:58 - 020510208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-11 18:58 - 2017-08-11 18:58 - 002339328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-08-11 18:58 - 2017-08-11 18:58 - 003041792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-07-29 17:11 - 2017-07-29 17:51 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-29 18:09 - 2017-07-29 18:10 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-11 18:58 - 2017-08-11 18:58 - 001361920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-08-11 18:58 - 2017-08-11 18:58 - 000024576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Lumia.ViewerPluginProxy.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-07-29 17:27 - 2017-07-29 17:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-73530200-423008673-1402658419-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 208.67.222.123 - 208.67.220.123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-73530200-423008673-1402658419-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{AE605D48-FE2E-4164-BAA0-24B4DC309783}C:\program files\hp\hp officejet 4650 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 4650 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{DF306C33-56A9-4E02-A26A-C0BEC81B8704}C:\program files\hp\hp officejet 4650 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 4650 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{AF713142-6903-4289-9DB5-20F5BA60EDDD}C:\program files\hp\hp officejet 4650 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 4650 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{89DA7E3F-F8D6-4680-B462-D2EF123FA02B}C:\program files\hp\hp officejet 4650 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 4650 series\bin\hpnetworkcommunicatorcom.exe

==================== Restore Points =========================

12-08-2017 12:43:15 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2017 08:24:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Shermans)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/15/2017 07:46:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Shermans)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/15/2017 07:43:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.15156.1008, time stamp: 0x0413a786
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1532, time stamp: 0x5965ac8c
Exception code: 0xc06d007e
Fault offset: 0x0000000000033c58
Faulting process id: 0xcc0
Faulting application start time: 0x01d316396adbea33
Faulting application path: C:\WINDOWS\system32\CompatTelRunner.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: ddd2cba4-efb7-407c-a7fc-6f2787f72b85
Faulting package full name:
Faulting package-relative application ID:

Error: (08/15/2017 07:42:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Shermans)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/12/2017 07:33:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Shermans)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/12/2017 05:25:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Shermans)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/12/2017 04:46:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Shermans)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/12/2017 04:34:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Shermans)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/12/2017 04:34:03 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (08/12/2017 12:53:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Shermans)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (08/15/2017 08:06:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/15/2017 08:06:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/15/2017 08:06:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/15/2017 08:01:37 PM) (Source: DCOM) (EventID: 10010) (User: Shermans)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

Error: (08/15/2017 08:01:37 PM) (Source: DCOM) (EventID: 10010) (User: Shermans)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (08/15/2017 08:01:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/15/2017 08:01:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/15/2017 08:01:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/15/2017 08:01:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/15/2017 07:46:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
  Date: 2017-07-29 19:59:23.799
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 19:59:23.798
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 19:59:22.597
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 19:59:22.596
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 19:53:55.488
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 19:53:55.486
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 19:53:55.449
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 19:53:55.447
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 19:53:55.003
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-29 19:53:55.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 12191.91 MB
Available physical RAM: 9297.61 MB
Total Virtual: 14047.91 MB
Available Virtual: 11130.4 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:911.13 GB) (Free:835.5 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:18.47 GB) (Free:2.33 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 70C2138E)

Partition: GPT.

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2017 01
Ran by Nick (administrator) on SHERMANS (15-08-2017 20:46:36)
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available Profiles: Nick)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Nick\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-73530200-423008673-1402658419-1001\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-73530200-423008673-1402658419-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-73530200-423008673-1402658419-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.123 208.67.220.123
Tcpip\..\Interfaces\{cb9f3851-477f-4f65-9c5c-244368f08eb0}: [NameServer] 208.67.222.123,208.67.220.123
Tcpip\..\Interfaces\{cb9f3851-477f-4f65-9c5c-244368f08eb0}: [DhcpNameServer] 208.67.222.123 208.67.220.123

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: tllv13jw.default
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tllv13jw.default [2017-08-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-03-29] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-08-12] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [125952 2014-08-13] (Intel Corporation)
R1 MpKsl54998a98; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63E12720-1D66-44AE-95BF-B4F216B76A43}\MpKsl54998a98.sys [44928 2017-08-15] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 20:46 - 2017-08-15 20:47 - 000006990 _____ C:\Users\Nick\Desktop\FRST.txt
2017-08-15 20:38 - 2017-08-15 20:45 - 002395648 _____ (Farbar) C:\Users\Nick\Desktop\FRST64(1).exe
2017-08-15 20:15 - 2017-08-15 20:15 - 011447439 _____ C:\Users\Nick\Desktop\blk_list_ssohomk3_2933F2C1BC80.csv
2017-08-15 20:14 - 2017-08-15 20:14 - 000217312 _____ C:\Users\Nick\Desktop\20170816_ssohomk3_2933F2C1BC80_diag.report
2017-08-15 20:08 - 2017-08-15 20:08 - 000001694 _____ C:\Users\Nick\Desktop\laptop search 8-15-17.txt
2017-08-15 19:45 - 2017-08-15 19:45 - 000000000 ___HD C:\$WINDOWS.~BT
2017-08-12 13:03 - 2017-08-01 09:47 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-08-12 13:03 - 2017-08-01 09:39 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-12 13:03 - 2017-08-01 09:36 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-12 13:03 - 2017-08-01 09:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-08-12 13:02 - 2017-08-01 10:20 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-12 13:02 - 2017-08-01 10:20 - 001431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-08-12 13:02 - 2017-08-01 10:20 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-12 13:02 - 2017-08-01 10:20 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-08-12 13:02 - 2017-08-01 10:19 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-08-12 13:02 - 2017-08-01 10:19 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-12 13:02 - 2017-08-01 10:19 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-12 13:02 - 2017-08-01 10:19 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-12 13:02 - 2017-08-01 10:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-12 13:02 - 2017-08-01 10:18 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-12 13:02 - 2017-08-01 10:16 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-12 13:02 - 2017-08-01 10:16 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-08-12 13:02 - 2017-08-01 10:16 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-12 13:02 - 2017-08-01 10:15 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-12 13:02 - 2017-08-01 10:15 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-08-12 13:02 - 2017-08-01 10:15 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-08-12 13:02 - 2017-08-01 10:15 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-08-12 13:02 - 2017-08-01 10:10 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-08-12 13:02 - 2017-08-01 10:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-12 13:02 - 2017-08-01 09:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-12 13:02 - 2017-08-01 09:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-12 13:02 - 2017-08-01 09:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-08-12 13:02 - 2017-08-01 09:56 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-08-12 13:02 - 2017-08-01 09:55 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-12 13:02 - 2017-08-01 09:54 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-08-12 13:02 - 2017-08-01 09:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-08-12 13:02 - 2017-08-01 09:54 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-12 13:02 - 2017-08-01 09:53 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-08-12 13:02 - 2017-08-01 09:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-08-12 13:02 - 2017-08-01 09:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-08-12 13:02 - 2017-08-01 09:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-08-12 13:02 - 2017-08-01 09:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-08-12 13:02 - 2017-08-01 09:51 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-08-12 13:02 - 2017-08-01 09:51 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-12 13:02 - 2017-08-01 09:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-12 13:02 - 2017-08-01 09:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-12 13:02 - 2017-08-01 09:50 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-08-12 13:02 - 2017-08-01 09:50 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-08-12 13:02 - 2017-08-01 09:50 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-08-12 13:02 - 2017-08-01 09:50 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-08-12 13:02 - 2017-08-01 09:49 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-12 13:02 - 2017-08-01 09:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-12 13:02 - 2017-08-01 09:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-12 13:02 - 2017-08-01 09:47 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-08-12 13:02 - 2017-08-01 09:47 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-12 13:02 - 2017-08-01 09:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-08-12 13:02 - 2017-08-01 09:47 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-12 13:02 - 2017-08-01 09:47 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-08-12 13:02 - 2017-08-01 09:45 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-08-12 13:02 - 2017-08-01 09:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-08-12 13:02 - 2017-08-01 09:42 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-12 13:02 - 2017-08-01 09:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-08-12 13:02 - 2017-08-01 09:40 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-12 13:02 - 2017-08-01 09:40 - 012187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-12 13:02 - 2017-08-01 09:39 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-12 13:02 - 2017-08-01 09:38 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-08-12 13:02 - 2017-08-01 09:37 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-08-12 13:02 - 2017-08-01 09:37 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-08-12 13:02 - 2017-08-01 09:37 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-12 13:02 - 2017-08-01 09:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-08-12 13:02 - 2017-08-01 09:37 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-08-12 13:02 - 2017-08-01 09:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-08-12 13:02 - 2017-08-01 09:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-08-12 13:02 - 2017-08-01 09:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-12 13:02 - 2017-08-01 09:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-08-12 13:02 - 2017-08-01 09:33 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-12 13:02 - 2017-08-01 09:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-08-12 13:02 - 2017-08-01 09:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-12 13:02 - 2017-08-01 09:31 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-12 13:02 - 2017-08-01 09:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-12 13:02 - 2017-08-01 09:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-08-12 13:02 - 2017-08-01 09:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-12 13:02 - 2017-08-01 09:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-08-12 13:02 - 2017-08-01 09:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-08-12 13:02 - 2017-08-01 09:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-08-12 13:02 - 2017-08-01 09:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-12 13:02 - 2017-08-01 09:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-12 13:02 - 2017-08-01 09:30 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-08-12 13:02 - 2017-08-01 09:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-12 13:02 - 2017-08-01 09:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-08-12 13:02 - 2017-08-01 09:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-08-12 13:02 - 2017-08-01 09:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-08-12 13:02 - 2017-08-01 09:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-08-12 13:02 - 2017-08-01 09:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-12 13:02 - 2017-08-01 07:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-12 13:02 - 2017-07-11 23:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-12 13:02 - 2017-07-11 23:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-12 13:02 - 2017-07-11 23:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-12 13:02 - 2017-07-11 22:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-08-12 13:02 - 2017-07-11 22:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-08-12 13:02 - 2017-07-11 22:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-12 13:02 - 2017-07-11 22:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2017-08-12 13:02 - 2017-07-11 22:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2017-08-12 13:02 - 2017-07-11 22:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2017-08-12 13:02 - 2017-07-11 22:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-12 13:02 - 2017-07-11 22:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2017-08-12 13:02 - 2017-07-11 22:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2017-08-12 13:02 - 2017-07-11 22:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-08-12 13:02 - 2017-07-11 22:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2017-08-12 13:02 - 2017-07-11 22:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-08-12 13:02 - 2017-07-11 22:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-12 13:02 - 2017-07-11 22:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-08-12 13:02 - 2017-07-11 22:21 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-12 13:02 - 2017-07-11 22:19 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-08-12 13:02 - 2017-07-11 22:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-08-12 13:02 - 2017-07-11 22:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-12 13:02 - 2017-07-11 22:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-08-12 13:02 - 2017-07-11 22:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-12 13:02 - 2017-07-11 22:13 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-12 13:02 - 2017-07-11 22:12 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-08-12 13:02 - 2017-07-11 22:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-12 13:02 - 2017-07-11 22:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-12 13:02 - 2017-07-11 22:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-08-12 13:02 - 2017-07-11 22:09 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-08-12 13:02 - 2017-07-11 22:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-12 13:02 - 2017-07-11 22:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-12 13:02 - 2017-03-03 23:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-08-12 13:01 - 2017-08-01 12:32 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-08-12 13:01 - 2017-08-01 12:31 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-12 13:01 - 2017-08-01 12:29 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-12 13:01 - 2017-08-01 12:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-12 13:01 - 2017-08-01 12:25 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-12 13:01 - 2017-08-01 12:22 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-08-12 13:01 - 2017-08-01 12:22 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-08-12 13:01 - 2017-08-01 12:21 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-12 13:01 - 2017-08-01 12:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-12 13:01 - 2017-08-01 12:21 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-12 13:01 - 2017-08-01 12:21 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-12 13:01 - 2017-08-01 12:21 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-08-12 13:01 - 2017-08-01 12:21 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-12 13:01 - 2017-08-01 12:21 - 000026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-08-12 13:01 - 2017-08-01 12:20 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-08-12 13:01 - 2017-08-01 12:20 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-12 13:01 - 2017-08-01 12:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-08-12 13:01 - 2017-08-01 12:20 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-12 13:01 - 2017-08-01 12:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-12 13:01 - 2017-08-01 12:20 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-12 13:01 - 2017-08-01 12:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-12 13:01 - 2017-08-01 12:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-08-12 13:01 - 2017-08-01 12:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-12 13:01 - 2017-08-01 12:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-08-12 13:01 - 2017-08-01 12:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-08-12 13:01 - 2017-08-01 12:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-12 13:01 - 2017-08-01 12:17 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-08-12 13:01 - 2017-08-01 12:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-08-12 13:01 - 2017-08-01 12:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-08-12 13:01 - 2017-08-01 12:17 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-08-12 13:01 - 2017-08-01 12:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-12 13:01 - 2017-08-01 12:13 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-12 13:01 - 2017-08-01 12:13 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-12 13:01 - 2017-08-01 12:01 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-12 13:01 - 2017-08-01 11:57 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-08-12 13:01 - 2017-08-01 11:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-12 13:01 - 2017-08-01 11:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-08-12 13:01 - 2017-08-01 11:52 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-12 13:01 - 2017-08-01 11:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-08-12 13:01 - 2017-08-01 11:52 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-12 13:01 - 2017-08-01 11:51 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-12 13:01 - 2017-08-01 11:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-12 13:01 - 2017-08-01 11:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-08-12 13:01 - 2017-08-01 11:48 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-12 13:01 - 2017-08-01 11:48 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-12 13:01 - 2017-08-01 11:47 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-08-12 13:01 - 2017-08-01 11:47 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-12 13:01 - 2017-08-01 11:47 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-08-12 13:01 - 2017-08-01 11:47 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-08-12 13:01 - 2017-08-01 11:47 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-08-12 13:01 - 2017-08-01 11:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-12 13:01 - 2017-08-01 11:46 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-08-12 13:01 - 2017-08-01 11:46 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-12 13:01 - 2017-08-01 11:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-08-12 13:01 - 2017-08-01 11:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-08-12 13:01 - 2017-08-01 11:46 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-12 13:01 - 2017-08-01 11:46 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-12 13:01 - 2017-08-01 11:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-12 13:01 - 2017-08-01 11:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-12 13:01 - 2017-08-01 11:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-12 13:01 - 2017-08-01 11:45 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-12 13:01 - 2017-08-01 11:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-08-12 13:01 - 2017-08-01 11:45 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-12 13:01 - 2017-08-01 11:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-08-12 13:01 - 2017-08-01 11:45 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-12 13:01 - 2017-08-01 11:45 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-12 13:01 - 2017-08-01 11:45 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-12 13:01 - 2017-08-01 11:44 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-12 13:01 - 2017-08-01 11:44 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-08-12 13:01 - 2017-08-01 11:43 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-08-12 13:01 - 2017-08-01 11:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-08-12 13:01 - 2017-08-01 11:43 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-08-12 13:01 - 2017-08-01 11:43 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-12 13:01 - 2017-08-01 11:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-12 13:01 - 2017-08-01 11:42 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-12 13:01 - 2017-08-01 11:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-08-12 13:01 - 2017-08-01 11:40 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-12 13:01 - 2017-08-01 11:40 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-12 13:01 - 2017-08-01 11:40 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-12 13:01 - 2017-08-01 11:39 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-12 13:01 - 2017-08-01 11:39 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-12 13:01 - 2017-08-01 11:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-08-12 13:01 - 2017-08-01 11:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-12 13:01 - 2017-08-01 11:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-08-12 13:01 - 2017-08-01 11:38 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-08-12 13:01 - 2017-08-01 11:37 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-12 13:01 - 2017-08-01 11:36 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-12 13:01 - 2017-08-01 11:36 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-08-12 13:01 - 2017-08-01 11:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-12 13:01 - 2017-08-01 11:34 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-12 13:01 - 2017-08-01 11:33 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-12 13:01 - 2017-08-01 11:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-08-12 13:01 - 2017-08-01 11:33 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-08-12 13:01 - 2017-08-01 11:32 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-12 13:01 - 2017-08-01 11:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-08-12 13:01 - 2017-08-01 11:32 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-12 13:01 - 2017-08-01 11:32 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-08-12 13:01 - 2017-08-01 11:30 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-12 13:01 - 2017-08-01 11:30 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-08-12 13:01 - 2017-08-01 11:30 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-08-12 13:01 - 2017-08-01 11:30 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-12 13:01 - 2017-08-01 11:29 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-12 13:01 - 2017-08-01 11:29 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-12 13:01 - 2017-08-01 11:29 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-12 13:01 - 2017-08-01 11:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-12 13:01 - 2017-08-01 11:28 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-12 13:01 - 2017-08-01 11:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-12 13:01 - 2017-08-01 11:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-08-12 13:01 - 2017-08-01 11:27 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-08-12 13:01 - 2017-08-01 11:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-12 13:01 - 2017-08-01 11:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-12 13:01 - 2017-08-01 11:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-08-12 13:01 - 2017-08-01 11:27 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-08-12 13:01 - 2017-08-01 11:27 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-08-12 13:01 - 2017-08-01 11:27 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-08-12 13:01 - 2017-08-01 11:26 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-12 13:01 - 2017-08-01 11:26 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-08-12 13:01 - 2017-08-01 11:25 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-12 13:01 - 2017-08-01 11:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-08-12 13:01 - 2017-08-01 11:24 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-12 13:01 - 2017-08-01 11:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-08-12 13:01 - 2017-08-01 11:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-08-12 13:01 - 2017-08-01 11:23 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-12 13:01 - 2017-08-01 11:23 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-08-12 13:01 - 2017-07-11 23:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-08-12 13:01 - 2017-07-11 23:16 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-12 13:01 - 2017-07-11 23:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-12 13:01 - 2017-07-11 23:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-08-12 13:01 - 2017-07-11 23:14 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-12 13:01 - 2017-07-11 23:13 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-12 13:01 - 2017-07-11 23:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-12 13:01 - 2017-07-11 23:02 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-12 13:01 - 2017-07-11 23:02 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-08-12 13:01 - 2017-07-11 23:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-08-12 13:01 - 2017-07-11 23:01 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-08-12 13:01 - 2017-07-11 23:00 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-12 13:01 - 2017-07-11 23:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2017-08-12 13:01 - 2017-07-11 23:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-08-12 13:01 - 2017-07-11 22:59 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-12 13:01 - 2017-07-11 22:59 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-12 13:01 - 2017-07-11 22:59 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-12 13:01 - 2017-07-11 22:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-08-12 13:01 - 2017-07-11 22:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-08-12 13:01 - 2017-07-11 22:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-12 13:01 - 2017-07-11 22:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-12 13:01 - 2017-07-11 22:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-12 13:01 - 2017-07-11 22:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys
2017-08-12 13:01 - 2017-07-11 22:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2017-08-12 13:01 - 2017-07-11 22:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2017-08-12 13:01 - 2017-07-11 22:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-12 13:01 - 2017-07-11 22:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-08-12 13:01 - 2017-07-11 22:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-08-12 13:01 - 2017-07-11 22:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-08-12 13:01 - 2017-07-11 22:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll
2017-08-12 13:01 - 2017-07-11 22:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-12 13:01 - 2017-07-11 22:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-12 13:01 - 2017-07-11 22:21 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2017-08-12 13:01 - 2017-07-11 22:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-08-12 13:01 - 2017-07-11 22:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2017-08-12 13:01 - 2017-07-11 22:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2017-08-12 13:01 - 2017-07-11 22:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-08-12 13:01 - 2017-07-11 22:19 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-12 13:01 - 2017-07-11 22:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-12 13:01 - 2017-07-11 22:17 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-08-12 13:01 - 2017-07-11 22:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-08-12 13:01 - 2017-07-11 22:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-12 13:01 - 2017-07-11 22:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-12 13:01 - 2017-07-11 22:15 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-12 13:01 - 2017-07-11 22:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-12 13:01 - 2017-07-11 22:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-12 13:01 - 2017-07-11 22:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-08-12 13:01 - 2017-07-11 22:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-08-12 13:01 - 2017-07-11 22:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-12 13:01 - 2017-07-11 22:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-12 13:01 - 2017-07-11 22:09 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-08-12 13:01 - 2017-07-11 22:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-12 13:01 - 2017-07-11 22:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-12 13:01 - 2017-07-11 22:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-08-12 13:01 - 2017-07-11 22:06 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-12 13:01 - 2017-07-11 22:06 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-08-12 13:01 - 2017-07-11 22:06 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-08-12 13:01 - 2017-07-11 22:03 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-12 13:01 - 2017-07-11 22:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-12 13:01 - 2017-07-11 22:02 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-12 13:01 - 2017-07-11 22:01 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-12 13:01 - 2017-07-11 22:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-08-12 13:01 - 2017-07-11 22:00 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-12 13:01 - 2017-07-11 21:59 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-08-12 13:01 - 2017-07-11 21:59 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-12 13:01 - 2017-07-11 21:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-12 13:01 - 2017-07-11 21:58 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-12 13:01 - 2017-07-11 21:58 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-08-12 13:01 - 2017-07-11 21:58 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-12 13:01 - 2017-07-11 21:57 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-12 13:01 - 2017-07-11 21:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-12 13:01 - 2017-07-11 19:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-12 13:01 - 2017-03-03 23:57 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-08-12 13:01 - 2017-03-03 23:16 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-08-12 13:01 - 2017-03-03 23:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-08-12 13:01 - 2017-03-03 23:05 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-08-11 19:07 - 2017-08-11 19:07 - 008185288 _____ (Malwarebytes) C:\Users\Nick\Desktop\AdwCleaner(1).exe
2017-08-11 18:56 - 2017-08-11 18:56 - 000002137 _____ C:\Users\Nick\Desktop\laptop image search 8-11-17.txt
2017-08-11 18:55 - 2017-08-11 18:55 - 000000000 ____D C:\Users\Nick\Desktop\it scans
2017-08-07 20:14 - 2017-08-07 20:14 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-08-07 18:38 - 2017-08-15 20:46 - 000000000 ____D C:\FRST
2017-08-07 18:30 - 2017-08-07 18:38 - 002381312 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2017-08-07 16:29 - 2017-07-07 00:49 - 000340824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-07 16:29 - 2017-07-07 00:13 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-08-07 16:29 - 2017-07-07 00:10 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-08-07 16:29 - 2017-07-07 00:09 - 000637952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-08-07 16:29 - 2017-07-07 00:09 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-08-07 16:29 - 2017-07-07 00:03 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-08-07 16:29 - 2017-07-07 00:02 - 001313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-08-07 16:29 - 2017-07-06 23:55 - 004423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-07 16:29 - 2017-07-06 23:52 - 004561408 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-07 16:29 - 2017-07-06 23:52 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-07 16:29 - 2017-07-06 23:52 - 001413632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-08-07 16:29 - 2017-07-06 23:47 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-08-07 16:29 - 2017-06-21 00:52 - 000088416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2017-08-07 16:29 - 2017-06-21 00:42 - 000601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-08-07 16:29 - 2017-06-21 00:39 - 002048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-07 16:29 - 2017-06-21 00:38 - 000790752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-08-07 16:29 - 2017-06-21 00:36 - 000129888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2017-08-07 16:29 - 2017-06-21 00:30 - 000869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-08-07 16:29 - 2017-06-21 00:30 - 000196960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2017-08-07 16:29 - 2017-06-21 00:29 - 005722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-07 16:29 - 2017-06-21 00:28 - 002277288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-08-07 16:29 - 2017-06-21 00:28 - 001504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-08-07 16:29 - 2017-06-21 00:28 - 000524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-07 16:29 - 2017-06-21 00:28 - 000170960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-08-07 16:29 - 2017-06-21 00:27 - 001122344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-08-07 16:29 - 2017-06-21 00:27 - 000975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-08-07 16:29 - 2017-06-21 00:27 - 000861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-08-07 16:29 - 2017-06-21 00:27 - 000549088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-08-07 16:29 - 2017-06-21 00:25 - 002168288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-08-07 16:29 - 2017-06-21 00:24 - 000846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-08-07 16:29 - 2017-06-21 00:24 - 000154432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntmarta.dll
2017-08-07 16:29 - 2017-06-21 00:22 - 000361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2017-08-07 16:29 - 2017-06-21 00:21 - 001557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-08-07 16:29 - 2017-06-21 00:21 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-08-07 16:29 - 2017-06-21 00:21 - 000374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-08-07 16:29 - 2017-06-21 00:20 - 000962768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-07 16:29 - 2017-06-21 00:20 - 000312472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2017-08-07 16:29 - 2017-06-21 00:04 - 001631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-07 16:29 - 2017-06-21 00:00 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-08-07 16:29 - 2017-06-21 00:00 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uudf.dll
2017-08-07 16:29 - 2017-06-20 23:58 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-08-07 16:29 - 2017-06-20 23:57 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-08-07 16:29 - 2017-06-20 23:57 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-08-07 16:29 - 2017-06-20 23:56 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-08-07 16:29 - 2017-06-20 23:53 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-08-07 16:29 - 2017-06-20 23:53 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-08-07 16:29 - 2017-06-20 23:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-08-07 16:29 - 2017-06-20 23:53 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-08-07 16:29 - 2017-06-20 23:53 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-08-07 16:29 - 2017-06-20 23:52 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2017-08-07 16:29 - 2017-06-20 23:51 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-08-07 16:29 - 2017-06-20 23:51 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-08-07 16:29 - 2017-06-20 23:50 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-08-07 16:29 - 2017-06-20 23:49 - 000295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-08-07 16:29 - 2017-06-20 23:48 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-08-07 16:29 - 2017-06-20 23:47 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-07 16:29 - 2017-06-20 23:46 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-08-07 16:29 - 2017-06-20 23:46 - 001137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-08-07 16:29 - 2017-06-20 23:46 - 001077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-08-07 16:29 - 2017-06-20 23:46 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-08-07 16:29 - 2017-06-20 23:45 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2017-08-07 16:29 - 2017-06-20 23:45 - 000313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-07 16:29 - 2017-06-20 23:45 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uexfat.dll
2017-08-07 16:29 - 2017-06-20 23:44 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-08-07 16:29 - 2017-06-20 23:44 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ufat.dll
2017-08-07 16:29 - 2017-06-20 23:43 - 001534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-08-07 16:29 - 2017-06-20 23:43 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-08-07 16:29 - 2017-06-20 23:43 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-08-07 16:29 - 2017-06-20 23:43 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cnvfat.dll
2017-08-07 16:29 - 2017-06-20 23:42 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-07 16:29 - 2017-06-20 23:42 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2017-08-07 16:29 - 2017-06-20 23:41 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2017-08-07 16:29 - 2017-06-20 23:40 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-08-07 16:29 - 2017-06-20 23:40 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-08-07 16:29 - 2017-06-20 23:40 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-08-07 16:29 - 2017-06-20 23:38 - 001221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-08-07 16:29 - 2017-06-20 23:38 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2017-08-07 16:29 - 2017-06-20 23:37 - 006109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-08-07 16:29 - 2017-06-20 23:37 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-08-07 16:29 - 2017-06-20 23:36 - 001247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-08-07 16:29 - 2017-06-20 23:35 - 002740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-08-07 16:29 - 2017-06-20 23:35 - 001656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-08-07 16:29 - 2017-06-20 23:35 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-08-07 16:29 - 2017-06-20 23:35 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-08-07 16:29 - 2017-06-20 23:35 - 000732160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2017-08-07 16:29 - 2017-06-20 23:34 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-08-07 16:29 - 2017-06-20 23:34 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-07 16:29 - 2017-06-20 23:33 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-08-07 16:29 - 2017-06-20 23:10 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-07 16:29 - 2017-03-03 23:56 - 000263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-08-07 16:29 - 2017-03-03 23:21 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-08-07 16:29 - 2017-03-03 23:20 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-08-07 16:29 - 2017-03-03 23:20 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-08-07 16:29 - 2017-03-03 23:19 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-08-07 16:29 - 2017-03-03 23:16 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-07 16:29 - 2017-03-03 23:02 - 002138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-07 16:29 - 2016-10-05 02:15 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-08-07 16:28 - 2017-07-07 00:44 - 000108896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-08-07 16:28 - 2017-07-07 00:37 - 000468320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-08-07 16:28 - 2017-07-07 00:32 - 000404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-07 16:28 - 2017-07-07 00:20 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2017-08-07 16:28 - 2017-07-07 00:19 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-08-07 16:28 - 2017-07-07 00:19 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-08-07 16:28 - 2017-07-07 00:18 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-07 16:28 - 2017-07-07 00:18 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\onex.dll
2017-08-07 16:28 - 2017-07-07 00:17 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-08-07 16:28 - 2017-07-07 00:14 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-08-07 16:28 - 2017-07-07 00:14 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-08-07 16:28 - 2017-07-07 00:11 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-08-07 16:28 - 2017-07-07 00:00 - 000476160 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\SysWOW64\wvc.dll
2017-08-07 16:28 - 2017-07-06 23:57 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-08-07 16:28 - 2017-07-06 23:54 - 002027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-08-07 16:28 - 2017-07-06 23:49 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-07 16:28 - 2017-07-06 23:48 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2017-08-07 16:28 - 2017-07-06 23:48 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-08-07 16:28 - 2017-07-06 23:46 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-08-07 16:28 - 2017-07-06 23:46 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2017-08-07 16:28 - 2017-07-06 23:45 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-08-07 16:28 - 2017-07-06 23:44 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-07 16:28 - 2017-07-06 23:44 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\onex.dll
2017-08-07 16:28 - 2017-07-06 23:44 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-08-07 16:28 - 2017-07-06 23:44 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-08-07 16:28 - 2017-07-06 23:43 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-08-07 16:28 - 2017-07-06 23:43 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-08-07 16:28 - 2017-07-06 23:39 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-08-07 16:28 - 2017-07-06 23:36 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-08-07 16:28 - 2017-07-06 23:35 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-08-07 16:28 - 2017-07-06 23:33 - 000576000 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\system32\wvc.dll
2017-08-07 16:28 - 2017-07-06 23:29 - 000932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-08-07 16:28 - 2017-07-06 23:28 - 002096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-08-07 16:28 - 2017-07-06 23:28 - 000759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-08-07 16:28 - 2017-07-06 23:28 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-08-07 16:28 - 2017-07-06 23:25 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-07 16:28 - 2017-07-06 23:24 - 005388800 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2017-08-07 16:28 - 2017-07-06 23:24 - 002217472 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-08-07 16:28 - 2017-07-06 23:24 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-07 16:28 - 2017-06-21 00:54 - 000603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-08-07 16:28 - 2017-06-21 00:53 - 000794928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-08-07 16:28 - 2017-06-21 00:52 - 000774224 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-08-07 16:28 - 2017-06-21 00:51 - 000434528 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-07 16:28 - 2017-06-21 00:50 - 000126304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2017-08-07 16:28 - 2017-06-21 00:48 - 002681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-07 16:28 - 2017-06-21 00:40 - 001069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-08-07 16:28 - 2017-06-21 00:40 - 000328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-08-07 16:28 - 2017-06-21 00:38 - 007220192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-07 16:28 - 2017-06-21 00:38 - 001738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-08-07 16:28 - 2017-06-21 00:37 - 001369240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-08-07 16:28 - 2017-06-21 00:37 - 001157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-08-07 16:28 - 2017-06-21 00:35 - 002915704 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-08-07 16:28 - 2017-06-21 00:33 - 000408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2017-08-07 16:28 - 2017-06-21 00:31 - 001277824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-07 16:28 - 2017-06-21 00:31 - 000160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-08-07 16:28 - 2017-06-21 00:04 - 001631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-07 16:28 - 2017-06-21 00:04 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-08-07 16:28 - 2017-06-21 00:03 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-08-07 16:28 - 2017-06-21 00:02 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-08-07 16:28 - 2017-06-21 00:01 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-08-07 16:28 - 2017-06-21 00:01 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-08-07 16:28 - 2017-06-21 00:01 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2017-08-07 16:28 - 2017-06-21 00:01 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-08-07 16:28 - 2017-06-21 00:00 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-08-07 16:28 - 2017-06-21 00:00 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvisioningHandlers.dll
2017-08-07 16:28 - 2017-06-21 00:00 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-08-07 16:28 - 2017-06-21 00:00 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-08-07 16:28 - 2017-06-21 00:00 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-08-07 16:28 - 2017-06-21 00:00 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-08-07 16:28 - 2017-06-20 23:59 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-08-07 16:28 - 2017-06-20 23:59 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-08-07 16:28 - 2017-06-20 23:59 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-08-07 16:28 - 2017-06-20 23:59 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-08-07 16:28 - 2017-06-20 23:59 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-08-07 16:28 - 2017-06-20 23:59 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2017-08-07 16:28 - 2017-06-20 23:59 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-08-07 16:28 - 2017-06-20 23:58 - 000418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-08-07 16:28 - 2017-06-20 23:58 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-08-07 16:28 - 2017-06-20 23:58 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-08-07 16:28 - 2017-06-20 23:58 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-08-07 16:28 - 2017-06-20 23:58 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-08-07 16:28 - 2017-06-20 23:57 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-08-07 16:28 - 2017-06-20 23:57 - 000418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-08-07 16:28 - 2017-06-20 23:57 - 000360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-08-07 16:28 - 2017-06-20 23:57 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2017-08-07 16:28 - 2017-06-20 23:57 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-08-07 16:28 - 2017-06-20 23:57 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-08-07 16:28 - 2017-06-20 23:57 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-08-07 16:28 - 2017-06-20 23:56 - 001507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2017-08-07 16:28 - 2017-06-20 23:56 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-08-07 16:28 - 2017-06-20 23:56 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-08-07 16:28 - 2017-06-20 23:56 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-08-07 16:28 - 2017-06-20 23:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-08-07 16:28 - 2017-06-20 23:56 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-08-07 16:28 - 2017-06-20 23:56 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-08-07 16:28 - 2017-06-20 23:56 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-08-07 16:28 - 2017-06-20 23:56 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-08-07 16:28 - 2017-06-20 23:56 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-08-07 16:28 - 2017-06-20 23:56 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-08-07 16:28 - 2017-06-20 23:56 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-08-07 16:28 - 2017-06-20 23:55 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-08-07 16:28 - 2017-06-20 23:55 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-08-07 16:28 - 2017-06-20 23:55 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-08-07 16:28 - 2017-06-20 23:55 - 000265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-08-07 16:28 - 2017-06-20 23:55 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-08-07 16:28 - 2017-06-20 23:55 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-08-07 16:28 - 2017-06-20 23:55 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regsvr32.exe
2017-08-07 16:28 - 2017-06-20 23:54 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2017-08-07 16:28 - 2017-06-20 23:54 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-08-07 16:28 - 2017-06-20 23:54 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-08-07 16:28 - 2017-06-20 23:54 - 000609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-08-07 16:28 - 2017-06-20 23:54 - 000574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-08-07 16:28 - 2017-06-20 23:54 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-08-07 16:28 - 2017-06-20 23:54 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-08-07 16:28 - 2017-06-20 23:54 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-07 16:28 - 2017-06-20 23:54 - 000245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-08-07 16:28 - 2017-06-20 23:54 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2017-08-07 16:28 - 2017-06-20 23:53 - 000437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-08-07 16:28 - 2017-06-20 23:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-08-07 16:28 - 2017-06-20 23:53 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-08-07 16:28 - 2017-06-20 23:53 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-08-07 16:28 - 2017-06-20 23:53 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-08-07 16:28 - 2017-06-20 23:53 - 000271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-08-07 16:28 - 2017-06-20 23:53 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-08-07 16:28 - 2017-06-20 23:53 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-08-07 16:28 - 2017-06-20 23:52 - 017198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-07 16:28 - 2017-06-20 23:52 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2017-08-07 16:28 - 2017-06-20 23:52 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-08-07 16:28 - 2017-06-20 23:52 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-08-07 16:28 - 2017-06-20 23:52 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-08-07 16:28 - 2017-06-20 23:51 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-08-07 16:28 - 2017-06-20 23:51 - 000634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-08-07 16:28 - 2017-06-20 23:51 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-08-07 16:28 - 2017-06-20 23:50 - 000857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-08-07 16:28 - 2017-06-20 23:50 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-08-07 16:28 - 2017-06-20 23:50 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-08-07 16:28 - 2017-06-20 23:49 - 003778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-07 16:28 - 2017-06-20 23:49 - 002104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-08-07 16:28 - 2017-06-20 23:49 - 001913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-08-07 16:28 - 2017-06-20 23:49 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-08-07 16:28 - 2017-06-20 23:49 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-08-07 16:28 - 2017-06-20 23:49 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-08-07 16:28 - 2017-06-20 23:49 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-08-07 16:28 - 2017-06-20 23:49 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-08-07 16:28 - 2017-06-20 23:49 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2017-08-07 16:28 - 2017-06-20 23:48 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroleui.dll
2017-08-07 16:28 - 2017-06-20 23:47 - 007655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-08-07 16:28 - 2017-06-20 23:47 - 001105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-08-07 16:28 - 2017-06-20 23:47 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-08-07 16:28 - 2017-06-20 23:46 - 000627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-08-07 16:28 - 2017-06-20 23:44 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-08-07 16:28 - 2017-06-20 23:44 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-08-07 16:28 - 2017-06-20 23:43 - 001217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-08-07 16:28 - 2017-06-20 23:42 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-08-07 16:28 - 2017-06-20 23:42 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-08-07 16:28 - 2017-06-20 23:42 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-08-07 16:28 - 2017-06-20 23:42 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFSv1.dll
2017-08-07 16:28 - 2017-06-20 23:42 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-08-07 16:28 - 2017-06-20 23:41 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-08-07 16:28 - 2017-06-20 23:41 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-08-07 16:28 - 2017-06-20 23:40 - 004474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-07 16:28 - 2017-06-20 23:40 - 001891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-08-07 16:28 - 2017-06-20 23:40 - 000611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-08-07 16:28 - 2017-06-20 23:40 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-08-07 16:28 - 2017-06-20 23:39 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-08-07 16:28 - 2017-06-20 23:39 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-08-07 16:28 - 2017-06-20 23:39 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-07 16:28 - 2017-06-20 23:38 - 005611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-08-07 16:28 - 2017-06-20 23:38 - 003733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-07 16:28 - 2017-06-20 23:38 - 002424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-08-07 16:28 - 2017-06-20 23:38 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-08-07 16:28 - 2017-06-20 23:38 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-08-07 16:28 - 2017-06-20 23:37 - 000357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-08-07 16:28 - 2017-06-20 23:37 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-08-07 16:28 - 2017-06-20 23:36 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-08-07 16:28 - 2017-06-20 23:35 - 001369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-08-07 16:28 - 2017-06-20 23:35 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-08-07 16:28 - 2017-06-20 23:33 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-08-07 16:28 - 2017-06-20 23:33 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2017-08-07 16:28 - 2017-06-20 23:32 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-07 16:28 - 2017-06-20 23:30 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2017-08-07 16:28 - 2017-03-03 23:28 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-08-07 16:28 - 2017-03-03 23:26 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-08-07 16:28 - 2017-03-03 23:23 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-08-07 16:28 - 2017-03-03 23:23 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-08-07 16:28 - 2017-03-03 23:21 - 001243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-08-07 16:28 - 2017-03-03 23:17 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-08-07 16:28 - 2017-03-03 23:15 - 001078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-08-07 16:28 - 2017-03-03 23:14 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-08-07 16:28 - 2016-10-14 20:45 - 001790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-08-07 16:28 - 2016-09-15 09:58 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-08-07 16:28 - 2016-09-15 09:47 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2017-08-07 16:27 - 2017-07-06 23:47 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-08-07 16:27 - 2017-07-06 23:44 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-08-07 16:27 - 2017-07-06 23:42 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-08-07 16:27 - 2017-07-06 23:28 - 000927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-08-07 16:27 - 2017-06-21 23:17 - 000987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-08-07 16:27 - 2017-06-21 23:17 - 000485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-08-07 16:27 - 2017-06-21 00:47 - 000764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-07 16:27 - 2017-06-21 00:40 - 000224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2017-08-07 16:27 - 2017-06-21 00:35 - 001267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-08-07 16:27 - 2017-06-21 00:03 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\uudf.dll
2017-08-07 16:27 - 2017-06-21 00:02 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-08-07 16:27 - 2017-06-21 00:01 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-08-07 16:27 - 2017-06-21 00:01 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Authentication.dll
2017-08-07 16:27 - 2017-06-21 00:00 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-08-07 16:27 - 2017-06-21 00:00 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2017-08-07 16:27 - 2017-06-21 00:00 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-08-07 16:27 - 2017-06-21 00:00 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-08-07 16:27 - 2017-06-21 00:00 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-08-07 16:27 - 2017-06-21 00:00 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-08-07 16:27 - 2017-06-20 23:59 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-08-07 16:27 - 2017-06-20 23:59 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-08-07 16:27 - 2017-06-20 23:59 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-08-07 16:27 - 2017-06-20 23:59 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-08-07 16:27 - 2017-06-20 23:59 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2017-08-07 16:27 - 2017-06-20 23:58 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-08-07 16:27 - 2017-06-20 23:58 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-08-07 16:27 - 2017-06-20 23:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-08-07 16:27 - 2017-06-20 23:58 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-08-07 16:27 - 2017-06-20 23:57 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2017-08-07 16:27 - 2017-06-20 23:57 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-08-07 16:27 - 2017-06-20 23:56 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-08-07 16:27 - 2017-06-20 23:56 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-08-07 16:27 - 2017-06-20 23:56 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-08-07 16:27 - 2017-06-20 23:55 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-07 16:27 - 2017-06-20 23:54 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-08-07 16:27 - 2017-06-20 23:54 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2017-08-07 16:27 - 2017-06-20 23:53 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-08-07 16:27 - 2017-06-20 23:52 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-08-07 16:27 - 2017-06-20 23:52 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-07 16:27 - 2017-06-20 23:51 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-07 16:27 - 2017-06-20 23:50 - 001054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2017-08-07 16:27 - 2017-06-20 23:49 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-08-07 16:27 - 2017-06-20 23:48 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\uexfat.dll
2017-08-07 16:27 - 2017-06-20 23:47 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ufat.dll
2017-08-07 16:27 - 2017-06-20 23:47 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-08-07 16:27 - 2017-06-20 23:46 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFSv1.dll
2017-08-07 16:27 - 2017-06-20 23:46 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\cnvfat.dll
2017-08-07 16:27 - 2017-06-20 23:43 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2017-08-07 16:27 - 2017-06-20 23:43 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-08-07 16:27 - 2017-06-20 23:42 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-08-07 16:27 - 2017-06-20 23:41 - 001359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-08-07 16:27 - 2017-06-20 23:41 - 001021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2017-08-07 16:27 - 2017-06-20 23:41 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-08-07 16:27 - 2017-06-20 23:40 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-08-07 16:27 - 2017-06-20 23:40 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-08-07 16:27 - 2017-06-20 23:40 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-08-07 16:27 - 2017-06-20 23:39 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-08-07 16:27 - 2017-06-20 23:36 - 000881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2017-08-07 16:27 - 2017-06-20 23:36 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-08-07 16:27 - 2017-06-20 23:34 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-08-07 16:27 - 2017-03-03 23:27 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-08-07 16:27 - 2016-10-05 02:32 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-08-07 16:18 - 2017-07-05 21:29 - 000690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-08-07 16:18 - 2017-06-19 19:42 - 000993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-08-07 15:49 - 2017-04-21 14:53 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-08-07 15:49 - 2017-04-21 14:50 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-08-07 15:48 - 2017-04-21 14:53 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-08-07 15:48 - 2017-04-21 14:50 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-08-05 13:29 - 2017-08-11 19:10 - 000000000 ____D C:\AdwCleaner
2017-08-05 13:28 - 2017-08-05 13:29 - 008185288 _____ (Malwarebytes) C:\Users\Nick\Downloads\AdwCleaner.exe
2017-08-03 19:28 - 2017-08-12 12:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-03 19:28 - 2017-08-12 12:45 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-03 19:24 - 2017-08-03 19:24 - 000000000 ____D C:\Users\Nick\AppData\Local\UNP
2017-07-31 21:28 - 2017-08-07 17:04 - 000000000 ____D C:\Users\Nick\AppData\Local\PokerStars.NET
2017-07-31 21:28 - 2017-07-31 21:28 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.net.lnk
2017-07-31 21:28 - 2017-07-31 21:28 - 000002059 _____ C:\Users\Public\Desktop\PokerStars.net.lnk
2017-07-31 21:28 - 2017-07-31 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
2017-07-31 21:27 - 2017-07-31 21:29 - 000000000 ____D C:\Program Files (x86)\PokerStars.NET
2017-07-31 21:21 - 2017-08-03 19:22 - 000000000 ____D C:\Program Files\rempl
2017-07-31 21:21 - 2017-07-31 21:27 - 111947528 _____ (Rational Intellectual Holdings Ltd.) C:\Users\Nick\Downloads\PokerStarsInstallPM.exe
2017-07-31 21:21 - 2017-07-31 21:22 - 000000000 ____D C:\Program Files\UNP
2017-07-31 21:21 - 2017-07-31 21:21 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-07-31 21:21 - 2017-07-29 19:54 - 000565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-29 19:53 - 2017-07-29 20:07 - 000000000 ____D C:\Users\Nick\AppData\Local\Mozilla
2017-07-29 19:53 - 2017-07-29 19:54 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Mozilla
2017-07-29 19:53 - 2017-07-29 19:53 - 000266192 _____ (Mozilla) C:\Users\Nick\Downloads\Firefox Setup Stub 54.0.1.exe
2017-07-29 19:53 - 2017-07-29 19:53 - 000001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-29 19:53 - 2017-07-29 19:53 - 000001219 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-29 19:53 - 2017-07-29 19:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-29 19:53 - 2017-07-29 19:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-29 19:35 - 2017-07-29 19:35 - 000002320 _____ C:\Users\Public\Desktop\HP OfficeJet 4650 series.lnk
2017-07-29 19:35 - 2017-07-29 19:35 - 000000974 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2017-07-29 19:35 - 2017-07-29 19:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-07-29 19:34 - 2017-07-29 19:36 - 000000000 ____D C:\Users\Nick\AppData\Local\HP
2017-07-29 19:34 - 2017-07-29 19:35 - 000000000 ____D C:\Program Files (x86)\HP
2017-07-29 19:32 - 2017-07-29 19:33 - 216648224 _____ C:\Users\Nick\Downloads\OJ4650_Full_WebPack_1122.exe
2017-07-29 19:27 - 2017-07-29 19:34 - 000000000 ____D C:\ProgramData\HP
2017-07-29 19:27 - 2017-07-29 19:34 - 000000000 ____D C:\Program Files\HP
2017-07-29 19:27 - 2017-07-29 19:33 - 000000000 ____D C:\Users\Nick\AppData\Roaming\HP_Easy_Start
2017-07-29 19:27 - 2017-07-29 19:27 - 000003420 _____ C:\WINDOWS\System32\Tasks\HPEA3JOBS
2017-07-29 19:27 - 2017-07-29 19:27 - 000002682 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP ePrint SW.lnk
2017-07-29 19:27 - 2017-07-29 19:27 - 000000000 ____D C:\ProgramData\Apple
2017-07-29 19:26 - 2017-07-29 19:27 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-29 19:26 - 2017-07-29 19:26 - 005873288 _____ C:\Users\Nick\Downloads\HPEasyStart_5_5_3253_26.exe
2017-07-29 19:25 - 2017-07-29 19:25 - 032860728 _____ (HP) C:\Users\Nick\Downloads\HPEPrintAppSetupx64.exe
2017-07-29 18:32 - 2017-07-29 18:32 - 000000000 ____D C:\Users\Nick\AppData\Local\ElevatedDiagnostics
2017-07-29 18:26 - 2016-07-03 21:04 - 090684588 _____ C:\Users\Nick\Desktop\WP_20160703_21_03_38_Pro.mp4
2017-07-29 18:25 - 2017-07-29 18:25 - 000000000 ____D C:\Users\Nick\Desktop\WhatsApp Images
2017-07-29 18:25 - 2017-07-29 18:25 - 000000000 ____D C:\Users\Nick\Desktop\turbotax misc
2017-07-29 18:25 - 2017-07-29 18:25 - 000000000 ____D C:\Users\Nick\Desktop\frig black photos
2017-07-29 18:25 - 2017-07-29 18:25 - 000000000 ____D C:\Users\Nick\Desktop\dining table photos
2017-07-29 18:00 - 2017-07-29 18:03 - 000000000 ____D C:\Users\Nick\Desktop\TurboTax
2017-07-29 17:59 - 2017-07-29 12:44 - 000061263 _____ C:\Users\Nick\Desktop\Use Wildcard to Limit TLD (and block Google search images).pdf
2017-07-29 17:59 - 2017-07-21 21:15 - 000197519 _____ C:\Users\Nick\Desktop\religious-belief-exemption.pdf
2017-07-29 17:59 - 2017-07-08 08:53 - 001474648 _____ C:\Users\Nick\Desktop\Sherman Prequal.pdf
2017-07-29 17:59 - 2017-06-22 19:07 - 005396789 _____ C:\Users\Nick\Desktop\pepwave_surf_soho_user_manual_fw7.pdf
2017-07-29 17:48 - 2017-07-29 17:48 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-07-29 17:37 - 2017-08-15 19:45 - 000000000 ___DC C:\WINDOWS\Panther
2017-07-29 17:37 - 2017-08-07 16:57 - 000000000 ____D C:\Windows.old
2017-07-29 17:37 - 2017-07-29 17:37 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-07-29 17:37 - 2017-07-29 17:37 - 000000000 ____D C:\WINDOWS\InfusedApps
2017-07-29 17:37 - 2017-07-29 16:39 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-07-29 17:36 - 2017-07-29 17:36 - 000000000 ____D C:\WINDOWS\Setup
2017-07-29 17:33 - 2017-07-29 17:33 - 009747512 _____ (Piriform Ltd) C:\Users\Nick\Downloads\ccsetup532.exe
2017-07-29 17:33 - 2017-07-29 17:33 - 000002854 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-07-29 17:33 - 2017-07-29 17:33 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-29 17:33 - 2017-07-29 17:33 - 000000000 ____D C:\WINDOWS\OCR
2017-07-29 17:33 - 2017-07-29 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-29 17:33 - 2017-07-29 17:33 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-07-29 17:33 - 2017-07-29 17:33 - 000000000 ____D C:\Program Files\MSBuild
2017-07-29 17:33 - 2017-07-29 17:33 - 000000000 ____D C:\Program Files\CCleaner
2017-07-29 17:33 - 2017-07-29 17:33 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-07-29 17:33 - 2017-07-29 17:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\system32\0409
2017-07-29 17:32 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\DigitalLocker
2017-07-29 17:29 - 2017-07-31 08:14 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-29 17:29 - 2017-07-31 08:14 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-29 17:27 - 2017-08-15 20:24 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2017-07-29 17:27 - 2017-08-12 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-07-29 17:27 - 2017-08-12 17:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-29 17:27 - 2017-08-12 17:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-29 17:27 - 2017-08-12 17:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-29 17:27 - 2017-08-12 17:47 - 000000000 ____D C:\WINDOWS\Provisioning
2017-07-29 17:27 - 2017-08-12 17:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-07-29 17:27 - 2017-08-12 17:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-29 17:27 - 2017-08-12 17:47 - 000000000 ____D C:\Program Files\Windows Defender
2017-07-29 17:27 - 2017-08-12 17:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-07-29 17:27 - 2017-08-12 17:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-29 17:27 - 2017-08-12 17:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-29 17:27 - 2017-08-12 12:48 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-29 17:27 - 2017-08-07 20:35 - 000000000 ____D C:\WINDOWS\rescache
2017-07-29 17:27 - 2017-08-07 20:15 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\system32\setup
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-29 17:27 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-07-29 17:27 - 2017-08-07 20:12 - 000015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-07-29 17:27 - 2017-07-30 18:11 - 000000000 ____D C:\WINDOWS\appcompat
2017-07-29 17:27 - 2017-07-29 18:32 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-07-29 17:27 - 2017-07-29 17:37 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-07-29 17:27 - 2017-07-29 17:33 - 000000000 ____D C:\WINDOWS\SystemApps
2017-07-29 17:27 - 2017-07-29 17:32 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-07-29 17:27 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-07-29 17:27 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2017-07-29 17:27 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-07-29 17:27 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\system32\Com
2017-07-29 17:27 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\IME
2017-07-29 17:27 - 2017-07-29 17:32 - 000000000 ____D C:\WINDOWS\Help
2017-07-29 17:27 - 2017-07-29 17:32 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 __RSD C:\WINDOWS\Media
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ___SD C:\WINDOWS\system32\Nui
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\Web
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\Vss
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\tracing
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\TAPI
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SystemResources
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\winevt
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\spool
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\ras
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\IME
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\icsxml
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\ias
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\downlevel
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\DDFs
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\System
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SKB
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\security
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\schemas
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\SchCache
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\Resources
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\Registration
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\PLA
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\Performance
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\ModemLogs
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\L2Schemas
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\InputMethod
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\Globalization
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\Cursors
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\Branding
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\addins
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\ProgramData\Comms
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\Program Files\Windows NT
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\Program Files\Common Files\Services
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\Program Files (x86)\Windows NT
2017-07-29 17:27 - 2017-07-29 17:27 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-07-29 17:27 - 2017-07-29 17:25 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-07-29 17:27 - 2017-07-29 17:25 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-07-29 17:27 - 2017-07-29 17:25 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2017-07-29 17:27 - 2017-07-29 17:25 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-07-29 17:27 - 2017-07-29 17:25 - 000017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-07-29 17:27 - 2017-07-29 17:25 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-07-29 17:27 - 2017-07-29 17:25 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-07-29 17:27 - 2017-07-29 17:25 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-07-29 17:27 - 2017-07-29 17:25 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-07-29 17:27 - 2017-07-29 17:25 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-07-29 17:27 - 2017-07-29 17:25 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-07-29 17:27 - 2017-07-29 17:25 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-07-29 17:27 - 2017-07-29 17:25 - 000000219 _____ C:\WINDOWS\system.ini
2017-07-29 17:27 - 2017-07-29 17:25 - 000000092 _____ C:\WINDOWS\win.ini
2017-07-29 17:27 - 2017-07-29 16:56 - 000000000 __RHD C:\Users\Public\Libraries
2017-07-29 17:27 - 2017-07-29 16:56 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-07-29 17:27 - 2017-07-29 16:53 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-29 17:27 - 2017-07-29 16:51 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-29 17:27 - 2017-07-29 16:50 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-07-29 17:27 - 2017-07-29 16:45 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-07-29 17:27 - 2017-07-29 16:40 - 000000000 ____D C:\ProgramData\USOPrivate
2017-07-29 17:26 - 2017-08-12 17:48 - 000000000 ____D C:\WINDOWS\INF
2017-07-29 17:24 - 2017-08-12 17:48 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-29 17:24 - 2017-08-12 17:48 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-29 17:24 - 2017-07-29 17:24 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-29 17:23 - 2017-08-12 17:48 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-29 17:23 - 2017-08-12 17:48 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-29 17:23 - 2017-07-29 17:23 - 065033984 _____ (Malwarebytes ) C:\Users\Nick\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-29 17:23 - 2017-07-29 17:23 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-29 17:23 - 2017-07-29 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-29 17:23 - 2017-07-29 17:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-29 17:23 - 2017-07-29 17:23 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-29 17:23 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-29 17:16 - 2017-07-29 17:16 - 000002092 _____ C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
2017-07-29 17:16 - 2017-07-29 17:16 - 000000000 ____D C:\Users\Nick\AppData\Roaming\OpenDNS Updater
2017-07-29 17:16 - 2017-07-29 17:16 - 000000000 ____D C:\Program Files (x86)\OpenDNS Updater
2017-07-29 17:15 - 2017-08-12 16:35 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-07-29 17:15 - 2017-07-29 17:15 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Macromedia
2017-07-29 17:09 - 2017-08-12 17:48 - 080740352 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-07-29 17:09 - 2017-08-12 17:48 - 014155776 _____ C:\WINDOWS\system32\config\SYSTEM
2017-07-29 17:09 - 2017-08-12 17:48 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-29 17:09 - 2017-08-12 17:48 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2017-07-29 17:09 - 2017-08-12 17:48 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY
2017-07-29 17:09 - 2017-08-07 20:14 - 000000000 ____D C:\WINDOWS\servicing
2017-07-29 17:09 - 2017-07-31 21:27 - 000000000 ___RD C:\Program Files (x86)
2017-07-29 17:09 - 2017-07-29 17:37 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2017-07-29 17:09 - 2017-07-29 17:27 - 000000000 ____D C:\WINDOWS\system32\SMI
2017-07-29 17:09 - 2017-07-29 16:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-29 17:07 - 2017-07-29 17:07 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-73530200-423008673-1402658419-1001
2017-07-29 17:06 - 2017-07-29 18:35 - 000000000 ____D C:\Users\Nick\AppData\Local\MicrosoftEdge
2017-07-29 17:06 - 2017-07-29 17:07 - 000002363 _____ C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-29 17:06 - 2017-07-29 17:06 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Skype
2017-07-29 17:05 - 2017-08-06 16:00 - 000000000 ____D C:\Users\Nick\AppData\Local\Comms
2017-07-29 17:05 - 2017-07-29 17:05 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-07-29 17:04 - 2017-07-29 17:04 - 000000000 ____D C:\Users\Nick\AppData\Local\VirtualStore
2017-07-29 17:04 - 2017-07-29 17:04 - 000000000 ____D C:\Users\Nick\AppData\Local\Publishers
2017-07-29 17:03 - 2017-08-12 12:49 - 000000000 ____D C:\Users\Nick\AppData\Local\Packages
2017-07-29 17:03 - 2017-07-29 17:50 - 000000000 ____D C:\Users\Nick\AppData\Local\ConnectedDevicesPlatform
2017-07-29 17:03 - 2017-07-29 17:03 - 000000020 ___SH C:\Users\Nick\ntuser.ini
2017-07-29 17:03 - 2017-07-29 17:03 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Adobe
2017-07-29 17:03 - 2017-07-29 17:03 - 000000000 ____D C:\Users\Nick\AppData\Local\TileDataLayer
2017-07-29 17:02 - 2017-07-29 17:02 - 000000000 ____D C:\Program Files (x86)\Intel
2017-07-29 17:02 - 2017-01-25 04:42 - 000103936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-07-29 17:02 - 2017-01-25 04:42 - 000099840 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-07-29 17:01 - 2017-08-15 20:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-29 17:01 - 2017-07-29 17:01 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-07-29 17:01 - 2017-07-29 17:01 - 000000000 ____D C:\Program Files\Intel
2017-07-29 17:01 - 2017-07-29 17:01 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-07-29 16:58 - 2017-08-12 17:52 - 001006864 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-29 16:57 - 2017-07-29 16:57 - 000000000 _SHDL C:\Users\Default User
2017-07-29 16:57 - 2017-07-29 16:57 - 000000000 _SHDL C:\Users\All Users
2017-07-29 16:49 - 2017-08-12 19:48 - 000000000 ____D C:\Users\Nick
2017-07-29 16:44 - 2017-07-29 16:44 - 000007873 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-07-29 16:44 - 2017-07-29 16:44 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-07-29 16:44 - 2017-07-29 16:44 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-07-29 16:44 - 2017-07-29 16:44 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-07-29 16:44 - 2017-07-29 16:44 - 000000000 ____D C:\ProgramData\SoundResearch
2017-07-29 16:44 - 2017-07-29 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-07-29 16:44 - 2017-07-29 16:44 - 000000000 ____D C:\Program Files\Realtek
2017-07-29 16:41 - 2017-04-27 18:01 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-07-29 16:40 - 2017-07-29 16:40 - 000000000 ____D C:\ProgramData\USOShared
2017-07-29 16:39 - 2017-08-15 19:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-29 16:39 - 2017-08-12 17:48 - 000203200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-29 16:39 - 2017-08-12 17:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 20:09 - 2017-06-16 20:23 - 000000000 ____D C:\Users\Nick\AppData\LocalLow\Mozilla
2017-08-15 20:06 - 2015-08-29 18:57 - 000000000 __SHD C:\Users\Nick\IntelGraphicsProfiles
2017-08-12 17:56 - 2016-02-13 06:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-29 17:24 - 2016-07-16 04:43 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbeio.dll
2017-07-29 17:22 - 2016-07-16 04:43 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-07-29 17:07 - 2015-08-29 19:01 - 000000000 ___RD C:\Users\Nick\OneDrive

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-15 20:24

==================== End of FRST.txt ============================



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:09 AM

Posted 20 August 2017 - 03:01 PM

Greetings NickS111 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.

While I am doing that can you tell me if by "reloading" Windows 10 you mean a reformat/reinstall or just refreshing the Operating System? Please explain.

Is a browser(s) opened without any involvement by you whatsoever? If so, which browser(s) and under what circumstances?

Edited by Oh My!, 20 August 2017 - 03:31 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:09 AM

Posted 23 August 2017 - 09:50 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 23 August 2017 - 11:30 AM

Hi Gary,
 
Good to meet you and thank for your help. I appreciate your work. My name is Nick. I didn't see the response Sunday as I had been waiting for a response. Thank you for responding. Please responses to your questions;
 
While I am doing that can you tell me if by "reloading" Windows 10 you mean a reformat/reinstall or just refreshing the Operating System? Please explain. - Yes, it was a reformat and reinstall of win10.

Is a browser(s) opened without any involvement by you whatsoever? If so, which browser(s) and under what circumstances? - Correct, no involvement form us. Usually we may have a webpage open to yahoo mail or a real estate page. We walk away for a different task. Upon return a new "Image Search" page is open either from google, yahoo, bing, duckduckgo search engines.
 
The following is a sample web history. Again, we do initiate the search. We don't seek out this type of files.
 
 

**Links deleted**

Edited by Oh My!, 23 August 2017 - 12:39 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:09 AM

Posted 23 August 2017 - 01:43 PM

No problem Nick, that happens sometimes.

Please do this.

===================================================

Checking Firefox Sync Status

--------------------
  • Launch Firefox
  • In the address bar type about:preferences#sync and hit Enter
  • Under Firefox Account let me know if you see Disconnect... to the left of Manage Account
  • Under Sync across all devices list the items with check marks
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 23 August 2017 - 04:11 PM

Thanks Gary. Ok. I will look at Firefox settings later today and provide the information.



#8 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 23 August 2017 - 10:16 PM

Gary,

 

 I don't see the options you mentioned after entering about:preferences#sync and hit Enter. I don't have a Firefox account. An account was never setup. Shouldnt that mean nothing is synced.

 

I stopped using MS edge for the very same reason as it almost automatically syncs all devices.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:09 AM

Posted 24 August 2017 - 07:57 AM

Which browsers are you currently using where you experience the redirects? 

Browsers; changed from IE to Firefox, Chrome, same issues occurred.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 24 August 2017 - 09:58 AM

Current browser is Firefox with Bing as the search engine. Bing strict settings has been better than other search engines.

 

Other browsers and search engines tried; IE, Edge, Chrome, Safari ....Google, Yahoo, Duckduckgo, Bing. Issue occurred on every browser and search engine and across other devices connected via wifi.

 

The laptop had another "image search" happen last night. My wife was shopping online for boots. Walked away, came back to laptop, 2 new pages were open of image searches of naked women. No one else uses the laptop. My wife has been very upset by the pop-ups. Firefox settings has pop-ups blocked. Porn is blocked in router. Firefox search engine was designated as Bing. The searches came up through Duckduckgo. I can send the web history if you want to see it.



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:09 AM

Posted 24 August 2017 - 12:39 PM

Thank you.

Can you tell me if you get this activity on the laptop when it is not connected to your network?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 24 August 2017 - 02:32 PM

No. It only occurs when connected. The laptop is a wireless connection.



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:09 AM

Posted 24 August 2017 - 02:44 PM

If you are connected to a network other than yours do you get the same behavior?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 24 August 2017 - 02:57 PM

Good question. I took the laptop once to my office. Don't recall any issues through work wifi. And when we have traveled, we take laptop. Don't recall any issues with hotel wifi.

 

On my windows phone I don't have the issues when I connect to my work wifi. Only have the pop-up issues from home wifi.



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:09 AM

Posted 24 August 2017 - 03:06 PM

I know you said you replaced the modem/router but I suspect this is the issue. I would recommend doing a factory reset which requires the holding down of the reset button for a period of time (usually all lights flash) and that clears out all information. You will then have to go through the setup process again. Not sure your brand but there has to be a manufacturer page that provides detailed instructions.

If you are willing, I would ask you to reset and let me know what happens.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users