Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help with a frst fixit txt


  • This topic is locked This topic is locked
9 replies to this topic

#1 balistic-1

balistic-1

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 06 September 2017 - 06:04 PM

Hello all I finally broke down and asking for help I have most of this computer cleaned up but I am still having a pesky requested resource in use and I'm not familiar enough with windows 10 to do much like I could in 7 and below so anyone familiar with FRST hopefully can help me with a fixit text  

THANKS AGAIN!!!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Shawn Merklein (administrator) on BALISTIC-1 (06-09-2017 17:58:27)
Running from C:\Users\Shawn Merklein\Downloads
Loaded Profiles: Shawn Merklein (Available Profiles: Shawn Merklein)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(HP) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Windows\System32\msfgvtx.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Users\Shawn Merklein\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Users\Shawn Merklein\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Shawn Merklein\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(BitTorrent Inc.) C:\Users\Shawn Merklein\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Shawn Merklein\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Shawn Merklein\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Shawn Merklein\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Shawn Merklein\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [svcvmx] => C:\Users\Shawn Merklein\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [916480 2017-09-05] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1232445883-2437180452-1787125336-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-08-04] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1232445883-2437180452-1787125336-1001\...\RunOnce: [Uninstall C:\Users\Shawn Merklein\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shawn Merklein\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1232445883-2437180452-1787125336-1001\...\RunOnce: [Uninstall C:\Users\Shawn Merklein\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shawn Merklein\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
HKU\S-1-5-21-1232445883-2437180452-1787125336-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d96ad196-e250-4097-aab1-bb431c73c4da}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{d96ad196-e250-4097-aab1-bb431c73c4da}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1232445883-2437180452-1787125336-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1232445883-2437180452-1787125336-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF DefaultProfile: rvk8mkqm.default
FF ProfilePath: C:\Users\Shawn Merklein\AppData\Roaming\Mozilla\Firefox\Profiles\rvk8mkqm.default [2017-09-03]
FF NetworkProxy: Mozilla\Firefox\Profiles\rvk8mkqm.default -> type", 0
FF Extension: (HMA! IP Checker) - C:\Users\Shawn Merklein\AppData\Roaming\Mozilla\Firefox\Profiles\rvk8mkqm.default\Extensions\ipinfo@hidemyass.com.xpi [2017-08-27]
FF Extension: (uTorrent easy client) - C:\Users\Shawn Merklein\AppData\Roaming\Mozilla\Firefox\Profiles\rvk8mkqm.default\Extensions\jid1-xJrt4U23zkSdbA@jetpack.xpi [2017-08-27]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1394360 2015-08-12] (Intel Corporation)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1102352 2017-08-04] (Garmin Ltd. or its subsidiaries)
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [33632 2016-03-09] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-13] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-19] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
S2 bvaFWEke4iCB Updater; no ImagePath
S2 gupdate; no ImagePath
S3 gupdatem; no ImagePath
S3 MozillaMaintenance; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56160 2016-03-09] (HP)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-12] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-12] (Intel Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42336 2016-03-09] (HP)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-09] (Intel Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-09-05] (Greatis Software)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2016-12-27] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-08-29] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)
U3 aswMBR; C:\Users\Shawn Merklein\AppData\Local\Temp\aswMBR.sys [62728 2017-09-05] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\Shawn Merklein\AppData\Local\Temp\aswVmm.sys [224896 2017-09-05] () <==== ATTENTION

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys A7901875F89D011C38CF52C98ACF5B29
C:\WINDOWS\System32\drivers\3ware.sys EE1CCC54F75C24727A218F98FC5349DA
C:\WINDOWS\system32\DRIVERS\Accelerometer.sys CCB7A0A15FB067EF5A24F93CB595B9D3
C:\WINDOWS\System32\drivers\ACPI.sys 73C73E1AA0D4D727A04AAAB120B7F56A
C:\WINDOWS\System32\drivers\AcpiDev.sys 0935496EF9624B46B935CB35ECE1F205
C:\WINDOWS\System32\Drivers\acpiex.sys D6794C31F4077B71433988787BAA926E
C:\WINDOWS\System32\drivers\acpipagr.sys FE5F656D6B35089DA39112E74EC6A85A
C:\WINDOWS\System32\drivers\acpipmi.sys 2F242941E4DFF69B883D77A16F039557
C:\WINDOWS\System32\drivers\acpitime.sys C247E35A21682DA8D0DC3AF9F025FCC5
C:\WINDOWS\System32\drivers\ADP80XX.SYS 49B9DB97AFC85DCCBDACDAB2E90085B7
C:\WINDOWS\system32\drivers\afd.sys 323AA1953ED9C01E23F740FA891FE064
C:\WINDOWS\System32\DRIVERS\ahcache.sys 23522E5D581F7722B1B5B86737CAE39C
C:\WINDOWS\System32\drivers\amdk8.sys DF21E05E41E5AC3F13F304D91457649A
C:\WINDOWS\System32\drivers\amdppm.sys 45D0AA4BB90B821DF92E8F19ABED0C5E
C:\WINDOWS\System32\drivers\amdsata.sys 74FFBC43B4B899C9A8CA06A892F2CE73
C:\WINDOWS\System32\drivers\amdsbs.sys AAB0F1D8D7E54761ABAB13AF161F1680
C:\WINDOWS\System32\drivers\amdxata.sys F91BAAC4237C40352A807000F3B716F9
C:\WINDOWS\System32\drivers\appid.sys BC121C099C6C659126AD2102AFDFF8CF
C:\WINDOWS\System32\drivers\applockerfltr.sys 68190E2BADF23BD782344970E5B5DE9E
C:\WINDOWS\System32\drivers\arcsas.sys E6AB1F0B4C3D4E0D2A88332D76FECD03
C:\WINDOWS\System32\drivers\asyncmac.sys 61C5A480C43E7E8E49C42869F49D0D3E
C:\WINDOWS\System32\drivers\atapi.sys A10F989A812B57B9695F6C305907C9C6
C:\WINDOWS\System32\drivers\bxvbda.sys 61BAC67048CA5C1D08C48FCC8012B613
C:\WINDOWS\System32\drivers\BasicDisplay.sys 94D6B95485BFA35D81524B0EBA0F7569
C:\WINDOWS\System32\drivers\BasicRender.sys 72ABA6AC74F7AA9C9A4AC61BE628ADD1
C:\WINDOWS\System32\drivers\bcmfn.sys 3F5523DCEFE42B385659C5CB46A6B810
C:\WINDOWS\System32\drivers\bcmfn2.sys 0B750A6A6D847E73CA48ADD7A0F5A393
C:\Windows\System32\Drivers\Beep.sys 0A508274355745EEF01C6BE3198D02C4
C:\WINDOWS\System32\DRIVERS\bowser.sys 9CD2A4821DE379305CACB2E99AD8953A
C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 722036C26D2C4E50EC2A2EC5FD678846
C:\WINDOWS\System32\drivers\bthhfenum.sys C2E31BE025D46D189E38DD1EDF07837A
C:\WINDOWS\System32\drivers\BthHFHid.sys F7CD605FC0B0B22F3F6F247595E3A655
C:\WINDOWS\System32\drivers\bthmodem.sys 535DC41A33630AE4C262406F9E981C03
C:\WINDOWS\System32\drivers\buttonconverter.sys 23F9EF739F685E07482116425E7879AA
C:\WINDOWS\System32\drivers\capimg.sys 60EB6A4CE3E21887D302350631C16F26
C:\WINDOWS\System32\DRIVERS\cdfs.sys F8FB51B9EF6372610E9B31A1D86B62FC
C:\WINDOWS\System32\drivers\cdrom.sys 613D0137C269187FA298A157E3D14A18
C:\WINDOWS\System32\drivers\cht4sx64.sys 0AED948DA8D5F08B3D6F12E4E2089736
C:\WINDOWS\System32\drivers\cht4vx64.sys 0002A0FDE087C1657AB31CE73077539C
C:\WINDOWS\System32\drivers\circlass.sys 6B4F90A287D75CCD78694F6790C911B2
C:\WINDOWS\System32\drivers\CLFS.sys 1A7C52B88A22750DCB0A579BDB1F2696
C:\WINDOWS\System32\drivers\registry.sys EEC3A4A98AE1A337E3CD1483AD6F2E15
C:\WINDOWS\System32\drivers\CmBatt.sys 429623E266EF067A44E8CF148E9DFB9B
C:\WINDOWS\System32\Drivers\cng.sys EBCCEA63F3A733ED7A1A2E4E2BCFBE2F
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys 3DB10C59405931E2C72EFB82C1AF97D1
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys 34C935AF2A414572B412B3556586D783
C:\WINDOWS\System32\drivers\condrv.sys 44EEEB2382F566999287E13F2067693C
C:\WINDOWS\System32\drivers\dam.sys 3BBD0073265DA6D3EFBA54B26E5D8236
C:\WINDOWS\System32\Drivers\dfsc.sys 385E6F76E684E7EEEECBBB156C45D191
C:\WINDOWS\System32\drivers\disk.sys 35B9D46560339A5A7F0CAC6ED702C817
C:\WINDOWS\System32\drivers\dmvsc.sys 815F45161A4571C2C44491564F3D5968
C:\WINDOWS\system32\DRIVERS\Dot4.sys C0AA415718DDD13A136E353844628A65
C:\WINDOWS\System32\drivers\Dot4Prt.sys CC88A1D8A39752859101ECCE1F1BC888
C:\WINDOWS\system32\DRIVERS\dot4usb.sys 292ADB7C57B5457F18F2FC06934B0B40
C:\WINDOWS\System32\drivers\dptf_cpu.sys C1283B0BEE35F9AF3511E0EBA71F311C
C:\WINDOWS\system32\DRIVERS\drmkaud.sys AE6BD4C879A8C849E53947C92DF3B3A0
C:\WINDOWS\System32\drivers\dxgkrnl.sys D7E28FCA055C090A5447036D590A8995
C:\WINDOWS\System32\drivers\evbda.sys 7EC6FC0266D74BD47ABB130A328B70EC
C:\WINDOWS\System32\drivers\EhStorClass.sys 8D74B8B5D6F7C5BC4C525BAF2B083FF1
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys 2A9817B5A9260D8F60D52E36BEF10443
C:\WINDOWS\System32\drivers\errdev.sys 77B60DEC7DCB4233E4A69D3F52E5DB24
C:\WINDOWS\system32\DRIVERS\esif_lf.sys 99984B5D3378F8236F3A85E51ACEDD16
C:\Windows\System32\Drivers\exfat.sys FCD2C63754C2E739A8EEAD9BC63F9DDC
C:\Windows\System32\Drivers\fastfat.sys FA918EC296EB410FF02867D008D02421
C:\WINDOWS\System32\drivers\fdc.sys 99598ECA5E41996E005D5B9D9FF1EFA2
C:\WINDOWS\System32\drivers\filecrypt.sys F44F666B0EACC3181544FFCF8CA0FFC7
C:\WINDOWS\System32\drivers\fileinfo.sys 78A210DDFDF2C9EC884631D2DAA573F0
C:\WINDOWS\System32\drivers\filetrace.sys 1A97DB5E701A186989F3795223C3BE39
C:\WINDOWS\System32\drivers\flpydisk.sys 46626665F0E5906E45619B4EFD6186B8
C:\WINDOWS\System32\drivers\fltmgr.sys FDA72ACA14D516D18C33AFCD0FD9260F
C:\WINDOWS\System32\drivers\FsDepends.sys B07A40B5A7A58B8C75663A572A46084C
C:\Windows\System32\Drivers\Fs_Rec.sys 6D6BB5C7363CD35FA715E826F3D029EE
C:\WINDOWS\System32\DRIVERS\fvevol.sys 8EEC4925C03E375C4EC496E45C44139A
C:\WINDOWS\System32\drivers\vmgencounter.sys EF78034773CE506323655A868C949144
C:\WINDOWS\System32\drivers\genericusbfn.sys B55FEBC6A00DAA1FE074F020B6907516
C:\WINDOWS\System32\Drivers\msgpioclx.sys DDD8A8CDDC7F13EF57D1DAAE71865936
C:\WINDOWS\System32\drivers\gpuenergydrv.sys 7ACD8F69B5D6EC97E6D2C006E19BED88
C:\WINDOWS\System32\drivers\HDAudBus.sys 10E3515FE5DBA6656FA62C29342EC4A1
C:\WINDOWS\System32\drivers\HidBatt.sys B90D284B97CD4CA9DE7430AAAD887A56
C:\WINDOWS\System32\drivers\hidbth.sys B2FE11643CC6ACDEE6C247DD36018FDB
C:\WINDOWS\System32\drivers\hidi2c.sys D24355488A2D4D2323518EC1AC7A6D9E
C:\WINDOWS\System32\drivers\hidinterrupt.sys 0AF9ABBA4F3F55C6C803890D64BC3C29
C:\WINDOWS\System32\drivers\hidir.sys CDBCF8E9AB06D88A1E1191D32F320C5D
C:\WINDOWS\System32\drivers\hidusb.sys D8536CB438CC4CCDAE047B768EED22B2
C:\WINDOWS\System32\DRIVERS\hpdskflt.sys 6575F8B80AB80A91DDD4744D04847D9D
C:\WINDOWS\System32\drivers\HpSAMD.sys F5CA18197B4646E04DB9EB2D6642CC4D
C:\WINDOWS\System32\drivers\HTTP.sys 2BEFE2891C7696CED805F6116A1A2067
C:\WINDOWS\System32\drivers\hvservice.sys 74FC79C52395B10FFD0B55CF22CF88FC
C:\WINDOWS\System32\drivers\hwpolicy.sys 771EDDA9830A3079F996F34D681FB6E5
C:\WINDOWS\System32\drivers\hyperkbd.sys 3B9F315E7FA72CC25228EB097DD9C694
C:\WINDOWS\System32\drivers\i8042prt.sys B54B30992620C97230013A74461C8517
C:\WINDOWS\System32\drivers\iagpio.sys C6B8743B213F06AA60943D8366FE968F
C:\WINDOWS\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 5A0E850F8CD17791A3E6A3CF81D0CA28
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 7508F1096803385D6376BFD0BD473AC4
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys 97E553D03219D3D51705C7235D9EAEBD
C:\WINDOWS\System32\drivers\iaStorV.sys 8350FE3BCDE3428BC040877BB7E9EAEB
C:\WINDOWS\System32\drivers\ibbus.sys 3BA03F7C7700DDF4C383DDE9252F5817
C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 27AA91AF43DCD082E13A83A31B0A90AC
C:\WINDOWS\System32\drivers\IndirectKmd.sys 2A01C96DF5802D3434634E55C91232D8
C:\WINDOWS\system32\drivers\RTKVHD64.sys 2C7FD91E94D8E17E4A6B1E445C7F17A4
C:\WINDOWS\system32\DRIVERS\IntcDAud.sys E300D1E37B737ED14F7A08CD5604E5D9
C:\WINDOWS\System32\drivers\IntelPcc.sys 72586E6D6DD4144D0C4CBD9D2653BBED
C:\WINDOWS\System32\drivers\intelide.sys 9F7E87F6595D065A8A200A291043045E
C:\WINDOWS\System32\drivers\intelpep.sys A6BD2E20AE1BC5CB2776C87C28E4F4CA
C:\WINDOWS\System32\drivers\intelppm.sys 2A48DA39542636DB0FA3BA915385D1B3
C:\WINDOWS\System32\drivers\iorate.sys DB32758F3A7F6CCE81A5430080A2EA65
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys FE85D0A86CA7A5A99CF8CD04DE7F80AE
C:\WINDOWS\System32\drivers\IPMIDrv.sys 10D01A3657AC8E8004C83D613163DE1E
C:\WINDOWS\System32\drivers\ipnat.sys F1DAECC3B3D6399875D4F10529D6A77C
C:\WINDOWS\system32\drivers\irda.sys 7475A2903BB704B446AA6309E34D3362
C:\WINDOWS\System32\drivers\irenum.sys 9725E7F0C64CE9916A5CDABE8D6E13C3
C:\WINDOWS\System32\drivers\isapnp.sys 58040898883A96160D41739C80328BBF
C:\WINDOWS\System32\drivers\msiscsi.sys 3C97BBD57E92F76A079338DE6F8317C6
C:\WINDOWS\System32\drivers\kbdclass.sys 210808437570BDDEE71A43535E3A2D30
C:\WINDOWS\System32\drivers\kbdhid.sys 0B779E9FC426CA2268D28181FA6C222F
C:\WINDOWS\System32\drivers\kdnic.sys 813BA3EB2CE038F2A5382DDD75CAD60B
C:\WINDOWS\System32\Drivers\ksecdd.sys 97C797421A34D5571C03B707CBAFE39A
C:\WINDOWS\System32\Drivers\ksecpkg.sys A8E2DBA6E785CC6381EC3A13EA785E7A
C:\WINDOWS\system32\drivers\ksthunk.sys 4ED115CD1A1099705F56B5E0FFF97CC6
C:\WINDOWS\System32\drivers\lltdio.sys 5933A6673F00D8255C52957E40C2D601
C:\WINDOWS\System32\drivers\lsi_sas.sys 8E1B0946948CCC0BC1FA3CB70374A795
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 4F68163FC04C973500DC4DA0946917B0
C:\WINDOWS\System32\drivers\lsi_sas3i.sys E5AC5F2815938651CDCC27F425474673
C:\WINDOWS\System32\drivers\lsi_sss.sys CCF6EC9FB9B8F18E05B4253E81013E48
C:\WINDOWS\system32\drivers\luafv.sys C9579D32219E5B936AC3A48D470117EC
C:\WINDOWS\System32\drivers\megasas.sys C3CDCCF07486BD2616A7B82946E07AC0
C:\WINDOWS\System32\drivers\MegaSas2i.sys 2CF0CB2A0ED68C5455371E84C16F9627
C:\WINDOWS\System32\drivers\megasr.sys FADB2FE017E69EECE0E1BA78661C2E8C
C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys E0EF6C1399A9B1AAA0B28590411BED04
C:\WINDOWS\System32\drivers\mlx4_bus.sys FD60818B66B2E8A5415EA840E99A9D8F
C:\WINDOWS\system32\drivers\mmcss.sys 68F6977F1CFBAAC770D940A8C0326FA1
C:\WINDOWS\System32\drivers\modem.sys 0D50B3F3AB32D416786B58D4553859CE
C:\WINDOWS\System32\drivers\monitor.sys 9CCCB7FC3EDADEBA461D78615A6011A6
C:\WINDOWS\System32\drivers\mouclass.sys 27A07B2FB2E3057DA8DAEA4F25D843C7
C:\WINDOWS\System32\drivers\mouhid.sys 7BD6E7F7C9001AB21B8362CFFEE80B25
C:\WINDOWS\System32\drivers\mountmgr.sys F5BDAEE4B7D369D4C74668DCFBA3FF10
C:\WINDOWS\System32\drivers\mpsdrv.sys 30844BD376F9D01E62C820BEF446F1F8
C:\WINDOWS\system32\drivers\mrxdav.sys 25D32BE04FE0A23FDF57FD5382757672
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys D559FF28B1AD9B1E15A4186E785E61F6
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys CFE8297B003C85AEFB506BDDEE3E67FA
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys BD4B9B58F1297FE7E05284DC156DE810
C:\WINDOWS\System32\drivers\bridge.sys 85669C51BA3BBD4CF6457C280BFAEA0C
C:\Windows\System32\Drivers\Msfs.sys F01B849D9D4A8CEAF32D4FDBD0B83C92
C:\WINDOWS\System32\drivers\msgpiowin32.sys 22ECD8F5D1DFADF2011BBB1700CB871D
C:\WINDOWS\System32\drivers\mshidkmdf.sys FD870F6968A145E4D2BA8A8842686B03
C:\WINDOWS\System32\drivers\mshidumdf.sys 30364757963A028CE5DF0FBAAC270173
C:\WINDOWS\System32\drivers\msisadrv.sys 6BB0FEDDAE7135FA37FFAFF4D9E0E876
C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys 4586CDA25B7866DD9505CEECF9DB3C74
C:\WINDOWS\System32\drivers\mslldp.sys 642CDE46351D5D2D90311E77072AB46D
C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys F2302A5CE63CA7673200FAFCEEEDB6AF
C:\WINDOWS\system32\DRIVERS\MSPQM.sys 6114512EA26E835BA522C63635429DB5
C:\Windows\System32\Drivers\MsRPC.sys AA538E16E644D00E3BA5349BBA9598EC
C:\WINDOWS\System32\drivers\mssmbios.sys 0543BEFD41EC4D25C7F7CF36409CEC7D
C:\WINDOWS\system32\DRIVERS\MSTEE.sys C1569E4DB8EFE3617847BF041A3C842F
C:\WINDOWS\System32\drivers\MTConfig.sys 130B16970154BA9876B09E5C4BAC63BE
C:\WINDOWS\System32\Drivers\mup.sys A2A906C0D38BFE1D780251D044BDBD4D
C:\WINDOWS\System32\drivers\mvumis.sys 3D2C5B4995CA0751D32DEA0DE9FDFE44
C:\WINDOWS\System32\DRIVERS\nwifi.sys A5FA29F748BBF38FC3FAE4B54FA20A93
C:\WINDOWS\System32\drivers\ndfltr.sys 629CB21AC49C8867E0F29DF1C16DB7B4
C:\WINDOWS\System32\drivers\ndis.sys 42A3B76320D483D443A60661FE1FEF14
C:\WINDOWS\System32\drivers\ndiscap.sys 6DD605338FAAF6BA17662AA874E0D162
C:\WINDOWS\System32\drivers\NdisImPlatform.sys E34196F285F8B8879E1FF36C31F7179E
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 1FAD2398673F30CEC616B89C46B7DCBA
C:\WINDOWS\System32\drivers\ndisuio.sys AEB8ECBE66CC46854066CB1F5623E179
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 7340104C2BF2F126714F7CDE85E63610
C:\WINDOWS\System32\drivers\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\WINDOWS\System32\DRIVERS\NDProxy.sys 78A12E3DF035B5D054986949B19BE43C
C:\WINDOWS\System32\drivers\Ndu.sys 04C8859355C1DC9C0FA198D1894D71C2
C:\WINDOWS\System32\drivers\NetAdapterCx.sys 6C76780A01FC2B885BD6E957B5C36B02
C:\WINDOWS\System32\drivers\netbios.sys 5D1513BD6430307C9DB86C6E351372ED
C:\WINDOWS\System32\DRIVERS\netbt.sys 6FEBB0A847FFD5F057B9AC8889F1B9A7
C:\Windows\System32\Drivers\Npfs.sys 001CBD7A2CD45C4EB39C01C3C677EF73
C:\WINDOWS\System32\drivers\npsvctrig.sys 90F5DC9802AAA00CD0B6E2AD9E7FFADC
C:\WINDOWS\System32\drivers\nsiproxy.sys 0C6218321A09A7B51BA7FFAFBA4CCB21
C:\Windows\System32\Drivers\NTFS.sys F909D5D5ED637096D3DF8C27FA422D32
C:\Windows\System32\Drivers\Null.sys 6E6DD6F9DD2A034CF85E94047DBDB992
C:\WINDOWS\System32\drivers\nvraid.sys D261DF41F0840F734856A2B4F5E072C7
C:\WINDOWS\System32\drivers\nvstor.sys 23B702B555EB0436B9DAA0BC63DA65CE
C:\WINDOWS\System32\drivers\parport.sys 6B81BF7853D161DB8AC62CD8B9C2DE6B
C:\Windows\SysWOW64\drivers\Partizan.sys 032F1C32A6A97C317AEFF9D64D2A1D8A
C:\WINDOWS\System32\drivers\partmgr.sys 0553ECB742278C8F4CFA28B43FF20EAD
C:\WINDOWS\System32\drivers\pci.sys 29AF16726F4DD84376ECA85AB6AFF2C6
C:\WINDOWS\System32\drivers\pciide.sys 214DCC87E3898F738075D1341252A552
C:\WINDOWS\System32\drivers\pcmcia.sys AED76A3333B3A31536E430020E0226FC
C:\WINDOWS\System32\drivers\pcw.sys E63FB38B6E75B39467492FBAD2CD512A
C:\WINDOWS\System32\drivers\pdc.sys 382D493B91B816D12C6F775E7896ED29
C:\WINDOWS\System32\drivers\peauth.sys 1509A77F840AA9E72CF8247D0CF2FBDE
C:\WINDOWS\System32\drivers\percsas2i.sys 540116170E2135FCD5DDE77702166B67
C:\WINDOWS\System32\drivers\percsas3i.sys 8356F87553BF49C703CF382033815898
C:\WINDOWS\System32\drivers\raspptp.sys 5645B9D9788CCA2C88B9534996ED2D6D
C:\WINDOWS\System32\drivers\processr.sys 372913E12677A8CBBBABDD8311894F9D
C:\WINDOWS\System32\drivers\pacer.sys B621114B8D1E9256DC1BFD6BA2F4DE69
C:\WINDOWS\system32\drivers\qwavedrv.sys 819602BBBFDB0BD46DEA3715BF0DD452
C:\WINDOWS\System32\DRIVERS\rasacd.sys CDF47037A0939F56D11F699629C276AD
C:\WINDOWS\System32\drivers\AgileVpn.sys 28C2EA278070EE12701D0EDF8CB0EC36
C:\WINDOWS\System32\drivers\rasl2tp.sys 17E565710172ED71B8531D8822E1C5D1
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 726857E441D1D67F57694A1B613ABD34
C:\WINDOWS\System32\drivers\rassstp.sys F0F4EEDEEBEE7A4244FAFB96A16B5712
C:\WINDOWS\System32\DRIVERS\rdbss.sys 1A49C9F966A04D031DAD4C73C49D5288
C:\WINDOWS\System32\drivers\rdpbus.sys 79A415E6FA915EFC00297DAB16EC2635
C:\WINDOWS\System32\drivers\rdpdr.sys 7135785C21CA79D270D11037C43D3F19
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 97A61A3CB2B5CB4FC32B3224EF333448
C:\WINDOWS\System32\drivers\rdyboost.sys 69BB204AE07EE84ECFAB1BF13C4BD04B
C:\Windows\System32\Drivers\ReFSv1.sys 940D6F5A2B0A61EE4170DF84F6C95C20
C:\WINDOWS\System32\drivers\rspndr.sys 5FF28F097C9699097B473F8FC7C1AA7D
C:\WINDOWS\System32\drivers\rt640x64.sys F9265C902BB9146C6BFF97BDF35C04DE
C:\WINDOWS\System32\drivers\rtwlane.sys 8245240721FE1614ADA6E4A22CD2FFCD
C:\WINDOWS\System32\drivers\vms3cap.sys B5DAEE69BACA64D2BB004568E22D8756
C:\WINDOWS\System32\drivers\sbp2port.sys 5E73FB63E2DBC75FE0C17DEB0010CE0E
C:\WINDOWS\System32\DRIVERS\scfilter.sys 3D9A82B03C92D1FEC42CB171D6F57778
C:\WINDOWS\System32\drivers\scmbus.sys 227A7AAD04CB11116F8B935CA31F0D04
C:\WINDOWS\System32\drivers\scmdisk0101.sys 50FCAD2051E6DD313393437DE6D7C049
C:\WINDOWS\System32\drivers\sdbus.sys 08ED027CD8A43E3412BDD134A43B13E8
C:\WINDOWS\System32\drivers\sdstor.sys 4DFEC463DD018EC4EC47F9E94128EFDC
C:\WINDOWS\System32\drivers\SerCx.sys 401D706DDC0A7AF18C3DD228ADF74551
C:\WINDOWS\System32\drivers\SerCx2.sys 7084D11083F0CDCA8B5C76F9846ABF5D
C:\WINDOWS\System32\drivers\serenum.sys 3FF478A8ED32A83C36581425F6282B6C
C:\WINDOWS\System32\drivers\serial.sys 92509187AA171A80521528B36F753E1D
C:\WINDOWS\System32\drivers\sermouse.sys 433D38FF6D08B993847EA2A10EB8CB52
C:\WINDOWS\System32\drivers\sfloppy.sys 697D3EE0740AEAB62B66ABCA1C83D13B
C:\WINDOWS\System32\drivers\SiSRaid2.sys A34CE1830E45DA98932295FDE4B7908A
C:\WINDOWS\System32\drivers\sisraid4.sys A7B5C670770E908DA5FEF5BF1136E933
C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 12C5840594577F0DC3CA82850DBFD67F
C:\WINDOWS\System32\drivers\spaceport.sys 4208A6432D0D6511A4A9BC47B8F53F8A
C:\WINDOWS\System32\drivers\SpbCx.sys E03264C4C25B568F92ED1656AD541E64
C:\WINDOWS\System32\DRIVERS\srv.sys 2E0F160AFE1EB7E8C21D6FE782FFFE0B
C:\WINDOWS\System32\DRIVERS\srv2.sys A0BDA7332A9EE59062A7037D161C8715
C:\WINDOWS\System32\DRIVERS\srvnet.sys F13EE0DB1FB1D6946AC3228D7EFCFC8F
C:\WINDOWS\System32\drivers\stexstor.sys 29D26E1347AE1BBD4201014E19880B2C
C:\WINDOWS\System32\drivers\storahci.sys 6BC6023E866489D22CE30E18846B80D9
C:\WINDOWS\System32\drivers\vmstorfl.sys C5E0ACE4771F5575D9D5B457ABF3AD03
C:\WINDOWS\System32\drivers\stornvme.sys 9886ECF5D6142DD2EE30D2C23F411E60
C:\WINDOWS\System32\drivers\storqosflt.sys BEBF85EB4D90E6996047DA027D0ED26E
C:\WINDOWS\System32\drivers\storufs.sys 8E73037A6F8938475692FFCC26EBF385
C:\WINDOWS\System32\drivers\storvsc.sys 9D9DED47DA10E845EFF2DD57C94C809B
C:\WINDOWS\System32\drivers\swenum.sys 505E0C40B5D0ADDCBB414640F59BD2E0
C:\WINDOWS\System32\drivers\Synth3dVsc.sys 32F46FB0F290D16DAA452B289C985795
C:\WINDOWS\system32\DRIVERS\SynTP.sys 5FFA759FB12CEEDBF3372D1F8858B50B
C:\WINDOWS\System32\drivers\tcpip.sys 330E2CFD0B251D81115419FF506C6ADA
C:\WINDOWS\System32\drivers\tcpip.sys 330E2CFD0B251D81115419FF506C6ADA
C:\WINDOWS\System32\drivers\tcpipreg.sys 14A6ED9AD702CE1F1CE34756EB41834F
C:\WINDOWS\system32\DRIVERS\tdx.sys DB4B0E7D8F782982631F78D6F11C6531
C:\WINDOWS\System32\drivers\terminpt.sys 06130AFFECEB94525FC2352936576B70
C:\WINDOWS\System32\drivers\tpm.sys 46171262D0E806779DEEDFCAB2F830CC
C:\Windows\System32\drivers\TrueSight.sys 0D5A09B08568760AE85A801FCBC0F83D
C:\WINDOWS\System32\drivers\TsUsbFlt.sys A6F4025664C9D4BC2A9EDAB4092706D7
C:\WINDOWS\System32\drivers\TsUsbGD.sys 37A96AD493E110C0BF1EE0AC0F9E7DBD
C:\WINDOWS\System32\drivers\tunnel.sys 79E264287F17D56D768440B0270466DE
C:\WINDOWS\System32\drivers\uaspstor.sys AA65954F512BA097DD190790876DD991
C:\WINDOWS\System32\Drivers\UcmCx.sys AB6268022C3A5B529075A39C33904DA6
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 7ED2EDA43D21C7A5F589A7960E265C52
C:\WINDOWS\System32\drivers\UcmUcsi.sys 169351463039B45F5CDED9768879F712
C:\WINDOWS\System32\drivers\ucx01000.sys 08A9E3AD29B215484FBB68CDC175DF3A
C:\WINDOWS\System32\drivers\udecx.sys DA70AEE267491AA56BC63AA0C0C96CA2
C:\WINDOWS\System32\DRIVERS\udfs.sys FBC5ECF6D5A868D0B116C2DBB02B8168
C:\WINDOWS\System32\drivers\UEFI.sys B918E40FAA9CD118CCA4AD388B748C98
C:\WINDOWS\System32\drivers\ufx01000.sys 0FD75222C1AD2687AB365BEBEA400DD4
C:\WINDOWS\System32\drivers\UfxChipidea.sys C1A78C53E01C641AE41BFA65797819F5
C:\WINDOWS\System32\drivers\ufxsynopsys.sys 767307212110EBEFB93EC9A5BE9E85B9
C:\WINDOWS\System32\drivers\umbus.sys DC460AAA18CA2342FBBFB2DF9B044472
C:\WINDOWS\System32\drivers\umpass.sys C3CF0377917ECE6D65D7623E1E61568F
C:\WINDOWS\System32\drivers\urschipidea.sys 6B46FC140C9AF68E6E7697D66D59CB4D
C:\WINDOWS\System32\drivers\urscx01000.sys B4402E7F0923F660270442CE76877ABE
C:\WINDOWS\System32\drivers\urssynopsys.sys 9DD431F1B94789CFB527E5D19261F124
C:\WINDOWS\System32\drivers\usbccgp.sys C87E32B90F085970D9637FBAD45EF6FE
C:\WINDOWS\System32\drivers\usbcir.sys 0B663856474AC41924D9E9112203858F
C:\WINDOWS\System32\drivers\usbehci.sys F83D2250256203AC5DA5E8601C1AFDD7
C:\WINDOWS\System32\drivers\usbhub.sys 7FFD26742321919590ED77FCA556D65F
C:\WINDOWS\System32\drivers\UsbHub3.sys 7A749B2863B5561BE34B39E8E249AD8F
C:\WINDOWS\System32\drivers\usbohci.sys D2109F1F4FEBF1DAC415CDC5DE876479
C:\WINDOWS\System32\drivers\usbprint.sys 29C9572F2D061CFC3C0BD48A3163E343
C:\WINDOWS\System32\drivers\usbser.sys 429477D6DEF3321FF7D3EF23CAAADA00
C:\WINDOWS\System32\drivers\USBSTOR.SYS 529634743FB9D72BDC27F2AF02F3260C
C:\WINDOWS\System32\drivers\usbuhci.sys C917D09064CDBD18F75ADC9B2C48F847
C:\WINDOWS\System32\Drivers\usbvideo.sys B4F448F2424492F99F83D3676A453553
C:\WINDOWS\System32\drivers\USBXHCI.SYS 58827BEFC54D4396D3FD191F5DD31C1D
C:\WINDOWS\System32\drivers\vdrvroot.sys 0CBDE344FB48E42D78E29469F202ADBC
C:\WINDOWS\System32\drivers\VerifierExt.sys 723195568C8755CAD57F7933C5F2C5C2
C:\WINDOWS\System32\drivers\vhdmp.sys C124B94459916152B71A6961BE8770BB
C:\WINDOWS\System32\drivers\vhf.sys 7929228F0E8B0C2FA0495A17A4FC27F6
C:\WINDOWS\System32\drivers\vmbus.sys AEE432ED868831B1F068E373598F6D93
C:\WINDOWS\System32\drivers\VMBusHID.sys 9444B23FC694B5F90F21B0FC7F10D8DD
C:\WINDOWS\System32\drivers\vmgid.sys 4D0287F566B36536DD812A54C015FC4A
C:\WINDOWS\System32\drivers\volmgr.sys 29075915F9BDC3437F8BED71C067D399
C:\WINDOWS\System32\drivers\volmgrx.sys 6BDB6CE6D2D9E3D3F28F1C97E12B62E2
C:\WINDOWS\System32\drivers\volsnap.sys BF2546583BB75F01DDA60A7921DFB230
C:\WINDOWS\System32\drivers\volume.sys AC2E20A74D09D24485BE8396CE04F07B
C:\WINDOWS\System32\drivers\vpci.sys 92F6E3E6D3F1795263EB34B37F74AEF7
C:\WINDOWS\System32\drivers\vsmraid.sys FD9BCB8920973CEAD4D49DC7A6D8A618
C:\WINDOWS\System32\drivers\vstxraid.sys 0C111F220798CCE80484026E06822379
C:\WINDOWS\System32\drivers\vwifibus.sys 607639716E9DB1CEF4E18B5B229293B4
C:\WINDOWS\System32\drivers\vwififlt.sys B1ED64E628763148BF84FBE23F2AD711
C:\WINDOWS\System32\drivers\vwifimp.sys B1133B813E4CBF258A392CA08255BA24
C:\WINDOWS\System32\drivers\wacompen.sys 55D00B785A7587F4263D125817871283
C:\WINDOWS\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\WINDOWS\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\WINDOWS\system32\drivers\wcifs.sys E330144B97D493AA886000DCAAA8DAF5
C:\WINDOWS\system32\drivers\wcnfs.sys 8FE13674424DE8438F1A81A02BA2D423
C:\WINDOWS\system32\drivers\WdBoot.sys D520B1B849B6D4D707AB31722B952C2D
C:\WINDOWS\System32\drivers\Wdf01000.sys 5030C76047D756263093A47B82970868
C:\WINDOWS\system32\drivers\WdFilter.sys 29FF9199EDEB4F5470BB134D1A2563D2
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys CAC84836FC881E888146E8B08E568D74
C:\WINDOWS\System32\Drivers\WdNisDrv.sys 17CF416CFF408190F5A4CBD79AB12E55
C:\WINDOWS\System32\drivers\wfplwfs.sys 0A9985727EC057BBAE4C1615CD93938C
C:\WINDOWS\System32\drivers\wimmount.sys 0CF79A0EACFFBB75A50A469A27696D02
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 0DE131733317EB4BE67028366B0CAAC6
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 92EB5D38BDF10C790450F3E46BF93A0E
C:\WINDOWS\System32\drivers\winmad.sys F95DE20312ACCA7761446DE152BD1F7C
C:\WINDOWS\System32\drivers\WinUSB.SYS 4EFB346BFDAEEB29316AA52BBB9852B1
C:\WINDOWS\System32\drivers\winverbs.sys 8B9AFF5F08E66A6F1F1063DEC9457FB6
C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys F3E427DB8ED545879AE6716F7FA9B85E
C:\WINDOWS\System32\drivers\wmiacpi.sys 6F4F4F5A007D1710BD76FB311DA97C07
C:\Windows\System32\Drivers\Wof.sys 43C8D087B31C592163B33A4BDA540E40
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 75A9284F01FE7CB1A7D5EAE5C1EB4F33
C:\WINDOWS\system32\drivers\ws2ifsl.sys 36D7B73ADC3E10607ED6EC874AFB5D1E
C:\WINDOWS\System32\drivers\WudfPf.sys AED7FE551E8672B824A56324076183EB
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\WINDOWS\System32\drivers\xboxgip.sys DB77764B46D02DCB9777D9E00A3F7D63
C:\WINDOWS\System32\drivers\xinputhid.sys 63088A3361D9A308F328F11E9099DD87
C:\Users\Shawn Merklein\AppData\Local\Temp\aswMBR.sys AE358AA704ED7BD4A592053426237065
C:\Users\Shawn Merklein\AppData\Local\Temp\aswVmm.sys A6542A6E95461458FD386D4A40417F31

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-06 17:57 - 2017-09-06 17:57 - 000282005 _____ C:\Users\Shawn Merklein\Downloads\Shortcut.txt
2017-09-06 17:49 - 2017-09-06 17:50 - 002395648 _____ (Farbar) C:\Users\Shawn Merklein\Downloads\FRST64.exe
2017-09-06 17:48 - 2017-09-06 17:48 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\GrantPerms64
2017-09-06 17:47 - 2017-09-06 17:47 - 000628779 _____ C:\Users\Shawn Merklein\Downloads\GrantPerms64.zip
2017-09-06 17:19 - 2017-09-06 17:20 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\American.Horror.Story.S07E01.HDTV.x264-SVA[ettv]
2017-09-06 00:38 - 2017-09-06 00:41 - 298130802 ____R C:\Users\Shawn Merklein\Downloads\[MomsBangTeens] Alena Croft, Evelin Stone - Movie Night Done Right (21.08.2017) rq.mp4
2017-09-06 00:29 - 2017-09-06 01:07 - 527417856 ____R C:\Users\Shawn Merklein\Downloads\[Swallowed] Alex More, Jojo Kiss, Joseline Kelly - Are Tag Team Sensation (19.06.2017) rq (720p).mp4
2017-09-06 00:27 - 2017-09-06 00:38 - 688541501 ____R C:\Users\Shawn Merklein\Downloads\[BangBus] Alex More (From Jail to a Dirt Road, Biggest Mistake She Ever Done - 05.04.2017) rq.mp4
2017-09-05 23:08 - 2017-09-05 23:08 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\Women.Seeking.Women.144.XXX.DVDRip.x264-UPPERCUT
2017-09-05 23:04 - 2017-09-05 23:12 - 622975488 ____R C:\Users\Shawn Merklein\Downloads\[Exxxtrasmall] Alex More - Tiny Trained bleep Teen (17.08.2017) rq.mp4
2017-09-05 22:31 - 2017-09-05 22:53 - 989228349 ____R C:\Users\Shawn Merklein\Downloads\MomsBangTeens - Pussy Hunting With Stepmom - Olivia Austin, Quinn Wilde [720p].mp4
2017-09-05 22:26 - 2017-09-05 22:35 - 544531031 ____R C:\Users\Shawn Merklein\Downloads\[MomsTeachSex] India Summer, Kenzie Reeves - Mom Cums First (03.09.2017) rq.mp4
2017-09-05 22:24 - 2017-09-05 22:33 - 378461913 ____R C:\Users\Shawn Merklein\Downloads\[AssParade] Rose Monroe - Rose s Sexercise (21.08.2017) rq.mp4
2017-09-05 22:23 - 2017-09-06 17:18 - 000000000 ____D C:\Users\Shawn Merklein\AppData\LocalLow\uTorrent
2017-09-05 20:21 - 2017-09-06 17:13 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Local\ntuserlitelist
2017-09-05 20:16 - 2017-09-06 08:48 - 000090310 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2017-09-05 20:16 - 2017-09-06 08:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-05 20:14 - 2017-09-05 20:14 - 000000000 ____D C:\@RestoreQuarantine
2017-09-05 20:03 - 2017-09-05 23:18 - 000000000 ____D C:\ProgramData\RegRun
2017-09-05 20:02 - 2017-09-06 17:35 - 000000000 ____D C:\Users\Shawn Merklein\Documents\RegRun2
2017-09-05 20:02 - 2017-09-06 17:32 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2017-09-05 20:02 - 2017-09-05 20:18 - 000003428 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2017-09-05 20:02 - 2017-09-05 20:17 - 000001080 _____ C:\Users\Shawn Merklein\Desktop\UnHackMe.lnk
2017-09-05 20:02 - 2017-09-05 20:05 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2017-09-05 20:02 - 2017-09-05 20:02 - 000040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2017-09-05 20:02 - 2017-09-05 20:02 - 000000002 RSHOT C:\WINDOWS\winstart.bat
2017-09-05 20:02 - 2017-09-05 20:02 - 000000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-09-05 20:02 - 2017-09-05 20:02 - 000000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-09-05 20:02 - 2017-09-05 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-09-05 20:02 - 2017-08-30 11:47 - 000014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2017-09-05 20:02 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2017-09-05 19:49 - 2017-09-05 19:49 - 000000000 ____D C:\Users\Shawn Merklein\Documents\PCHunter_free
2017-09-05 19:09 - 2017-09-05 19:09 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Shawn Merklein\Downloads\tdsskiller.exe
2017-09-05 18:58 - 2017-09-05 18:58 - 005200384 _____ (AVAST Software) C:\Users\Shawn Merklein\Downloads\aswmbr.exe
2017-09-05 18:47 - 2017-09-05 18:50 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\www.Torrenting.com - Midnight.Texas.S01E07.XviD-AFG
2017-09-05 18:46 - 2017-09-05 18:49 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\People.of.Earth.S02E07.HDTV.x264-SVA[ettv]
2017-09-04 21:35 - 2017-09-04 21:35 - 000881904 _____ (Plumbytes Software) C:\Users\Shawn Merklein\Downloads\j,txt.exe
2017-09-04 20:05 - 2017-09-04 20:05 - 000000000 ____D C:\Users\Shawn Merklein\Documents\RootkitRevealer
2017-09-04 20:03 - 2017-09-04 20:03 - 000000000 ____D C:\Users\Shawn Merklein\Pavark
2017-09-04 20:00 - 2017-09-04 20:00 - 000000000 ____D C:\Users\Shawn Merklein\Documents\tdl-detector
2017-09-04 19:53 - 2017-09-04 19:53 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Shawn Merklein\Downloads\mbar-1.09.3.1001.exe
2017-09-04 18:55 - 2017-09-04 18:56 - 035802208 _____ (Adlice Software ) C:\Users\Shawn Merklein\Downloads\setup (1).exe
2017-09-04 18:51 - 2017-09-04 18:51 - 002263086 ____R C:\Users\Shawn Merklein\Documents\shawn Backup_2017-09-04_185118.mbf
2017-09-04 18:27 - 2017-09-04 18:27 - 002299520 ____R C:\Users\Shawn Merklein\Documents\shawn Backup_2017-09-04_182731.mbf
2017-09-04 18:26 - 2017-09-04 18:26 - 002299520 ____R C:\Users\Shawn Merklein\Documents\shawn Backup_2017-09-04_182651.mbf
2017-09-04 18:07 - 2017-09-04 18:14 - 298054379 ____R C:\Users\Shawn Merklein\Downloads\[MySistersHotFriend] Bella Rose (02.09.2017) rq.mp4
2017-09-04 18:02 - 2017-09-04 18:05 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\www.Torrenting.com - The.Last.Ship.S04E04.HDTV.x264-LOL
2017-09-04 18:01 - 2017-09-04 18:03 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\The.Strain.S04E08.HDTV.x264-SVA[ettv]
2017-09-03 19:30 - 2017-09-03 19:30 - 000604928 _____ (Reimage) C:\Users\Shawn Merklein\Downloads\ReimageRepair.exe
2017-09-03 00:42 - 2017-09-03 07:47 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\Mommy.Swap.XXX.DVDRip.x264-BTRA
2017-09-01 23:45 - 2017-09-01 23:56 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\5 Incredible Orgies 2014 WEB-DL MP4-RARBG
2017-09-01 21:50 - 2017-09-01 21:58 - 299830961 ____R C:\Users\Shawn Merklein\Downloads\[2ChicksSameTime] Kimber Lee, Vanessa Cage (21.07.2017) rq.mp4
2017-08-31 22:11 - 2017-09-04 19:20 - 000000000 ____D C:\ProgramData\TEMP
2017-08-31 22:09 - 2017-08-31 22:09 - 000000000 ____D C:\ProgramData\Simply Super Software
2017-08-31 22:02 - 2017-08-31 22:03 - 007986864 _____ ( ) C:\Users\Shawn Merklein\Downloads\AVG_Remover.exe
2017-08-31 18:48 - 2017-08-31 18:51 - 323624818 ____R C:\Users\Shawn Merklein\Downloads\gfrevenge.17.08.30.shortie.breeze.and.miranda.mills.we.can.share[tk][480p].mp4
2017-08-30 18:34 - 2017-08-30 18:38 - 289449724 _____ C:\Users\Shawn Merklein\Downloads\[WeLiveTogether] Darcie Dolce, Lena Paul - Back To School (29.08.2017) rq.mp4
2017-08-30 18:34 - 2017-08-30 18:34 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\This Hurts Mommy More (Modern Taboo Family)(Role Play)
2017-08-30 18:32 - 2017-08-30 18:35 - 247457734 _____ C:\Users\Shawn Merklein\Downloads\[MyFriendsHotMom] Ashton Blake (28.08.2017) rq.mp4
2017-08-30 18:31 - 2017-08-30 18:34 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\5 Incredible Orgies 2 201511 DVDRip
2017-08-30 18:31 - 2017-08-30 18:31 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\Cytherea.Is.A.Lesbian.Squirt.Machine.x264-PORNOLATiON
2017-08-30 18:28 - 2017-08-30 18:31 - 291600099 _____ C:\Users\Shawn Merklein\Downloads\[MonsterCurves] Briana Bounce - Working Out With Briana (29.08.2017) rq.mp4
2017-08-30 18:26 - 2017-08-30 18:26 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\Moms Bang Teens - Dirty minds - Puma Swede & Vanessa Cage [432] [.mp4]
2017-08-30 18:23 - 2017-08-30 18:24 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\5 Incredible Orgies 3 (2016) WEB-DL SPLIT SCENES MP4-RARBG
2017-08-29 21:42 - 2017-08-29 21:42 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-29 21:42 - 2017-08-29 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-29 21:42 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-29 19:02 - 2017-08-28 23:16 - 000011776 _____ C:\WINDOWS\wafting.exe
2017-08-29 18:00 - 2017-09-06 17:41 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Local\CrashDumps
2017-08-29 17:52 - 2017-08-29 23:22 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-29 17:51 - 2017-08-29 20:55 - 000000000 ____D C:\ProgramData\RogueKiller
2017-08-29 17:46 - 2017-08-29 17:50 - 035783232 _____ (Adlice Software ) C:\Users\Shawn Merklein\Downloads\setup.exe
2017-08-29 08:33 - 2017-08-29 21:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-29 08:13 - 2017-08-29 08:13 - 000591356 _____ C:\WINDOWS\Minidump\082917-46687-01.dmp
2017-08-29 08:11 - 2017-08-29 08:11 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\bhnm0b2nrpg
2017-08-29 08:11 - 2017-08-29 08:11 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\bcxhatae4nw
2017-08-29 08:11 - 2017-08-29 08:11 - 000000000 ____D C:\ProgramData\Micro Foundation 7
2017-08-29 02:51 - 2017-08-29 02:51 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Local\NetworkTiles
2017-08-29 00:54 - 2017-08-29 00:54 - 000000000 ____D C:\zoek
2017-08-28 23:43 - 2017-08-28 23:43 - 000571380 _____ C:\WINDOWS\Minidump\082817-35000-01.dmp
2017-08-28 23:41 - 2017-08-28 23:41 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\wtmo1ynwrrg
2017-08-28 23:41 - 2017-08-28 23:41 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\apqqcxlutg1
2017-08-28 23:39 - 2017-08-28 23:39 - 000601076 _____ C:\WINDOWS\Minidump\082817-34140-01.dmp
2017-08-28 23:37 - 2017-08-28 23:37 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\ymd52mgjesx
2017-08-28 23:37 - 2017-08-28 23:37 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\pew54tporac
2017-08-28 23:35 - 2017-08-28 23:35 - 000610716 _____ C:\WINDOWS\Minidump\082817-38875-01.dmp
2017-08-28 23:33 - 2017-08-28 23:33 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\jpomvs4za2g
2017-08-28 23:33 - 2017-08-28 23:33 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\fhyfv53f5hq
2017-08-28 23:31 - 2017-08-28 23:31 - 000591812 _____ C:\WINDOWS\Minidump\082817-40687-01.dmp
2017-08-28 23:29 - 2017-08-28 23:29 - 000003858 _____ C:\WINDOWS\System32\Tasks\k31052664
2017-08-28 23:29 - 2017-08-28 23:29 - 000003742 _____ C:\WINDOWS\System32\Tasks\tsk31052664k31052664
2017-08-28 23:29 - 2017-08-28 23:29 - 000000020 _____ C:\WINDOWS\b82006397
2017-08-28 23:29 - 2017-08-28 23:29 - 000000000 ___HD C:\Program Files (x86)\Sternly
2017-08-28 23:29 - 2017-08-28 23:29 - 000000000 ___HD C:\Program Files (x86)\nonthreatening
2017-08-28 23:29 - 2017-08-28 23:29 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\w53cn3wqduf
2017-08-28 23:29 - 2017-08-28 23:29 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\lnxmp5iv3lu
2017-08-28 23:29 - 2017-08-28 23:29 - 000000000 ____D C:\Program Files (x86)\podolsky
2017-08-28 23:29 - 2017-08-28 23:29 - 000000000 ____D C:\Program Files (x86)\Gamma
2017-08-28 23:27 - 2017-08-29 08:08 - 000383288 _____ C:\runcheck.txt
2017-08-28 22:58 - 2017-08-28 22:58 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\x0vltbe2ai5
2017-08-28 22:58 - 2017-08-28 22:58 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\imrbxdd1tbo
2017-08-28 22:55 - 2017-08-28 22:55 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\j4xr1k5bsiw
2017-08-28 22:54 - 2017-08-28 22:54 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\guyexiic4je
2017-08-28 22:51 - 2017-08-28 22:51 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\pgfb4pdpnik
2017-08-28 22:51 - 2017-08-28 22:51 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\ao410bjb22x
2017-08-28 22:49 - 2017-08-28 22:49 - 000578292 _____ C:\WINDOWS\Minidump\082817-33375-01.dmp
2017-08-28 22:47 - 2017-08-28 22:47 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\ooquyfjlxpb
2017-08-28 22:47 - 2017-08-28 22:47 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\db0pppfpsab
2017-08-28 22:44 - 2017-08-28 22:44 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\xjpso51pzbw
2017-08-28 22:44 - 2017-08-28 22:44 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\gb1410nddnx
2017-08-28 22:42 - 2017-08-28 22:42 - 000000000 _____ C:\WINDOWS\Minidump\082817-31968-01.dmp
2017-08-28 22:40 - 2017-08-28 22:40 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\msa1d5wlsl1
2017-08-28 22:40 - 2017-08-28 22:40 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\1vif1m33klp
2017-08-28 22:38 - 2017-08-28 22:38 - 000578164 _____ C:\WINDOWS\Minidump\082817-34687-01.dmp
2017-08-28 22:36 - 2017-08-28 22:36 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\insgnrtwdki
2017-08-28 22:36 - 2017-08-28 22:36 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\hxj0wp2cnzm
2017-08-28 22:21 - 2017-08-28 22:22 - 000610492 _____ C:\WINDOWS\Minidump\082817-36031-01.dmp
2017-08-28 22:17 - 2017-08-28 22:17 - 000000000 _____ C:\WINDOWS\Minidump\082817-34015-01.dmp
2017-08-28 22:15 - 2017-08-28 22:15 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\uob3umbltt4
2017-08-28 22:13 - 2017-08-28 22:13 - 000625212 _____ C:\WINDOWS\Minidump\082817-36953-01.dmp
2017-08-28 21:08 - 2017-08-28 21:11 - 000606212 _____ C:\WINDOWS\Minidump\082817-35421-01.dmp
2017-08-28 21:07 - 2017-08-29 19:03 - 000000000 ____D C:\Program Files\DLUW2FUXP4
2017-08-28 21:00 - 2017-08-28 21:01 - 000602340 _____ C:\WINDOWS\Minidump\082817-35828-01.dmp
2017-08-28 20:52 - 2017-08-28 20:52 - 000587604 _____ C:\WINDOWS\Minidump\082817-35281-01.dmp
2017-08-28 20:47 - 2017-08-28 20:47 - 000616860 _____ C:\WINDOWS\Minidump\082817-37265-01.dmp
2017-08-28 20:43 - 2017-08-28 20:43 - 000592764 _____ C:\WINDOWS\Minidump\082817-38265-01.dmp
2017-08-28 18:36 - 2017-08-28 18:36 - 000597292 _____ C:\WINDOWS\Minidump\082817-36468-01.dmp
2017-08-28 17:23 - 2017-08-28 17:24 - 000579964 _____ C:\WINDOWS\Minidump\082817-38296-01.dmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswf87fa4e061f18de4.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswd9b2a8847b978f96.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswb2f36dd1fb0556e9.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw9dfb93c4074b3e5f.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw9d245e7785c972a5.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw9aaabc578475f20a.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw87483b4899eac03f.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw68acee272c11dbba.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw6683406255101b30.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw4cc021c02cefef7b.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw41128c9feed671f1.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw404e12a2e30ec1b4.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw3910a6f4f8c7994b.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw3540a63467b9c64b.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw34503c8216568305.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw3314a4e8edcc09ca.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw30dc8647fe848bd3.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw2d8c8ab913b75ea7.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw2aa8d0873abd7a41.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw225f15301aaf6218.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw1a94e2aa5c1662e1.tmp
2017-08-28 12:35 - 2017-07-30 20:20 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw 858e2e990e87922.tmp
2017-08-28 09:30 - 2017-08-29 21:23 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-08-28 09:20 - 2017-08-28 09:20 - 000599324 _____ C:\WINDOWS\Minidump\082817-32953-01.dmp
2017-08-28 09:15 - 2017-08-28 09:15 - 000596028 _____ C:\WINDOWS\Minidump\082817-33156-01.dmp
2017-08-28 09:11 - 2017-08-28 09:12 - 000598884 _____ C:\WINDOWS\Minidump\082817-33218-01.dmp
2017-08-28 09:06 - 2017-08-28 09:08 - 000589644 _____ C:\WINDOWS\Minidump\082817-32234-01.dmp
2017-08-28 09:02 - 2017-08-28 09:04 - 000611420 _____ C:\WINDOWS\Minidump\082817-34187-01.dmp
2017-08-28 08:58 - 2017-08-28 08:58 - 000587244 _____ C:\WINDOWS\Minidump\082817-36250-01.dmp
2017-08-28 08:54 - 2017-08-28 08:55 - 000566868 _____ C:\WINDOWS\Minidump\082817-33265-01.dmp
2017-08-28 08:49 - 2017-08-28 08:49 - 000610500 _____ C:\WINDOWS\Minidump\082817-41484-01.dmp
2017-08-28 08:34 - 2017-09-05 19:19 - 000003664 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-08-28 08:18 - 2017-08-28 08:18 - 000000000 ____D C:\WINDOWS\pss
2017-08-28 08:08 - 2017-08-28 08:10 - 000594580 _____ C:\WINDOWS\Minidump\082817-27609-01.dmp
2017-08-27 23:46 - 2017-08-27 23:48 - 000615428 _____ C:\WINDOWS\Minidump\082717-38234-01.dmp
2017-08-27 23:42 - 2017-08-27 23:42 - 000000000 _____ C:\WINDOWS\Minidump\082717-42937-01.dmp
2017-08-27 23:06 - 2017-08-27 23:06 - 000000000 _____ C:\WINDOWS\Minidump\082717-35703-01.dmp
2017-08-27 22:59 - 2017-08-27 22:59 - 000000000 _____ C:\WINDOWS\Minidump\082717-34687-01.dmp
2017-08-27 22:44 - 2017-08-27 22:46 - 000618092 _____ C:\WINDOWS\Minidump\082717-35843-01.dmp
2017-08-27 22:40 - 2017-08-27 22:40 - 000000000 _____ C:\WINDOWS\Minidump\082717-37031-01.dmp
2017-08-27 22:38 - 2017-08-29 08:11 - 001847296 _____ C:\Users\Shawn Merklein\AppData\Local\po.db
2017-08-27 22:38 - 2017-08-27 22:38 - 000140800 _____ C:\Users\Shawn Merklein\AppData\Local\installer.dat
2017-08-27 22:36 - 2017-08-27 22:36 - 000000000 _____ C:\WINDOWS\Minidump\082717-39531-01.dmp
2017-08-27 21:55 - 2017-08-27 21:55 - 000000000 ____D C:\Program Files (x86)\HiJackThisz
2017-08-27 21:21 - 2017-08-27 21:22 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\Temp
2017-08-27 21:08 - 2017-08-27 21:08 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\Hide My IP 6.0.370 Premium VPN + Keys - AppzDam
2017-08-27 21:05 - 2017-08-27 21:05 - 002926208 _____ C:\Users\Shawn Merklein\Downloads\Hide My IP 6.0.370 Premium VPN + Keys - AppzDam.zip
2017-08-27 21:04 - 2017-08-27 21:04 - 002768896 ____N C:\WINDOWS\system32\msfgvtx.exe
2017-08-27 21:03 - 2017-08-27 21:03 - 000003844 _____ C:\WINDOWS\System32\Tasks\k78937424
2017-08-27 21:03 - 2017-08-27 21:03 - 000003726 _____ C:\WINDOWS\System32\Tasks\gak78937424k78937424
2017-08-27 21:03 - 2017-08-27 21:03 - 000000020 _____ C:\WINDOWS\b30366400
2017-08-27 21:03 - 2017-08-27 21:03 - 000000000 ___HD C:\Program Files (x86)\Mule
2017-08-27 21:03 - 2017-08-27 21:03 - 000000000 ___HD C:\Program Files (x86)\duchesse
2017-08-27 21:03 - 2017-08-27 21:03 - 000000000 ____D C:\Program Files (x86)\Salah
2017-08-27 21:03 - 2017-08-27 21:03 - 000000000 ____D C:\Program Files (x86)\krol
2017-08-27 19:57 - 2017-08-27 21:05 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\Hide My IP 9.0.377Multilingual Premium VPN + Key
2017-08-27 19:32 - 2017-08-27 19:32 - 000000000 ___HD C:\OneDriveTemp
2017-08-27 19:21 - 2017-08-27 20:01 - 000000000 ____D C:\Users\Shawn Merklein\AppData\LocalLow\Mozilla
2017-08-27 19:20 - 2017-08-27 19:25 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Local\Mozilla
2017-08-27 19:20 - 2017-08-27 19:21 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\Mozilla
2017-08-27 19:19 - 2017-08-29 19:45 - 158828506 _____ C:\Users\Shawn Merklein\Downloads\pml.17.08.17.madison.milstar.madison.and.the.27-year-old[tk][480p].mp4
2017-08-27 13:59 - 2017-09-06 17:57 - 000033094 _____ C:\Users\Shawn Merklein\Downloads\Addition.txt
2017-08-27 13:56 - 2017-09-06 17:58 - 000036769 _____ C:\Users\Shawn Merklein\Downloads\FRST.txt
2017-08-27 13:56 - 2017-09-06 17:58 - 000000000 ____D C:\FRST
2017-08-27 13:51 - 2017-08-29 00:55 - 000000000 ____D C:\zoek_backup
2017-08-27 01:49 - 2017-08-27 01:49 - 000011776 _____ (Paladino) C:\WINDOWS\goldstein.exe
2017-08-25 23:10 - 2017-08-25 23:10 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\French hairy amateur
2017-08-25 23:08 - 2017-08-25 23:18 - 342710539 _____ C:\Users\Shawn Merklein\Downloads\[LadyboyGold] Ning, Jonelle Brooks - Piss in Ass Threesome (11.04.2017) rq (720p).mp4
2017-08-25 07:34 - 2017-08-25 07:34 - 000051638 _____ C:\WINDOWS\uninstaller.dat
2017-08-23 17:14 - 2017-08-23 17:17 - 310757566 _____ C:\Users\Shawn Merklein\Downloads\Lana Rhoades.mp4
2017-08-22 21:34 - 2017-08-22 21:55 - 423593685 _____ C:\Users\Shawn Merklein\Downloads\[GFRevenge] Kimmy Fabel - Bikini Body (03.04.2017) rq.mp4
2017-08-20 10:37 - 2017-08-20 10:37 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\VA - The Hitman’s Bodyguard (OST) (2017) (Mp3 320kbps) [Hunter] SSEC
2017-08-17 23:40 - 2017-08-17 23:44 - 000831748 _____ C:\WINDOWS\Minidump\081717-40593-01.dmp
2017-08-16 23:59 - 2017-08-16 23:59 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\Sexy hot girl with creamy pussy pee after masturbating
2017-08-15 18:08 - 2017-08-15 18:13 - 428194619 _____ C:\Users\Shawn Merklein\Downloads\[MomsTeachSex] Alexis Fawx - Let Mommy Help You (08.08.2017) rq.mp4
2017-08-15 18:03 - 2017-08-15 18:16 - 246095609 _____ C:\Users\Shawn Merklein\Downloads\Curvy BBW.mp4
2017-08-15 17:57 - 2017-08-15 17:57 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\MomsBangTeens - Alyssa Cole, Savana Styles (All In Alyssa) 01.30.17
2017-08-11 18:27 - 2017-08-11 18:38 - 289153028 _____ C:\Users\Shawn Merklein\Downloads\[MomsBangTeens] Kendra Lynn, Mercedes Carrera - Helping Hand (07.08.2017) rq.mp4
2017-08-11 18:18 - 2017-08-11 18:45 - 413087930 _____ C:\Users\Shawn Merklein\Downloads\video-bagging-that-pee_720p.mp4
2017-08-10 19:52 - 2017-08-10 19:52 - 000000000 ____D C:\Users\Shawn Merklein\Documents\Garmin
2017-08-10 18:17 - 2017-08-10 18:18 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Local\Garmin_Ltd._or_its_subsid
2017-08-10 18:17 - 2017-08-10 18:17 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\Garmin
2017-08-10 18:17 - 2017-08-10 18:17 - 000000000 ____D C:\Program Files\DIFX
2017-08-10 18:16 - 2017-08-10 22:00 - 000000000 ____D C:\ProgramData\Garmin
2017-08-10 18:16 - 2017-08-10 18:17 - 000000000 ____D C:\Program Files (x86)\Garmin
2017-08-10 18:16 - 2017-08-10 18:16 - 000003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2017-08-10 18:16 - 2017-08-10 18:16 - 000001963 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2017-08-10 18:16 - 2017-08-10 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-08-09 11:44 - 2017-08-16 20:00 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\TeensLoveAnal - Alana Summers (The Passion Of The Poop Hole) NEW 10 January 2017
2017-08-09 10:44 - 2017-08-01 14:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 10:44 - 2017-08-01 14:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-08-09 10:44 - 2017-08-01 13:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-08-09 10:44 - 2017-08-01 13:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-08-09 10:44 - 2017-08-01 13:32 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 10:44 - 2017-08-01 13:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-09 10:44 - 2017-08-01 13:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-08-09 10:44 - 2017-08-01 12:20 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 10:44 - 2017-08-01 12:20 - 001431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-08-09 10:44 - 2017-08-01 12:20 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 10:44 - 2017-08-01 12:20 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-08-09 10:44 - 2017-08-01 12:19 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-08-09 10:44 - 2017-08-01 12:19 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 10:44 - 2017-08-01 12:19 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 10:44 - 2017-08-01 12:19 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 10:44 - 2017-08-01 12:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 10:44 - 2017-08-01 12:18 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 10:44 - 2017-08-01 12:16 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 10:44 - 2017-08-01 12:16 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-08-09 10:44 - 2017-08-01 12:16 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 10:44 - 2017-08-01 12:15 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 10:44 - 2017-08-01 12:15 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-08-09 10:44 - 2017-08-01 12:15 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-08-09 10:44 - 2017-08-01 12:15 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-08-09 10:44 - 2017-08-01 12:10 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-08-09 10:44 - 2017-08-01 12:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 10:44 - 2017-08-01 11:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 10:44 - 2017-08-01 11:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-09 10:44 - 2017-08-01 11:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-08-09 10:44 - 2017-08-01 11:56 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-08-09 10:44 - 2017-08-01 11:55 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-09 10:44 - 2017-08-01 11:54 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-08-09 10:44 - 2017-08-01 11:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-08-09 10:44 - 2017-08-01 11:54 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 10:44 - 2017-08-01 11:53 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-08-09 10:44 - 2017-08-01 11:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-08-09 10:44 - 2017-08-01 11:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-08-09 10:44 - 2017-08-01 11:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-08-09 10:44 - 2017-08-01 11:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-08-09 10:44 - 2017-08-01 11:51 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-08-09 10:44 - 2017-08-01 11:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 10:44 - 2017-08-01 11:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 10:44 - 2017-08-01 11:50 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-08-09 10:44 - 2017-08-01 11:50 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-08-09 10:44 - 2017-08-01 11:50 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-08-09 10:44 - 2017-08-01 11:50 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-08-09 10:44 - 2017-08-01 11:49 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 10:44 - 2017-08-01 11:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-09 10:44 - 2017-08-01 11:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 10:44 - 2017-08-01 11:47 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-08-09 10:44 - 2017-08-01 11:47 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-08-09 10:44 - 2017-08-01 11:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-08-09 10:44 - 2017-08-01 11:47 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 10:44 - 2017-08-01 11:47 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-08-09 10:44 - 2017-08-01 11:45 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-08-09 10:44 - 2017-08-01 11:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-08-09 10:44 - 2017-08-01 11:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-08-09 10:44 - 2017-08-01 11:39 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 10:44 - 2017-08-01 11:39 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 10:44 - 2017-08-01 11:38 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-08-09 10:44 - 2017-08-01 11:37 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 10:44 - 2017-08-01 11:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-08-09 10:44 - 2017-08-01 11:37 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-08-09 10:44 - 2017-08-01 11:36 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-09 10:44 - 2017-08-01 11:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-08-09 10:44 - 2017-08-01 11:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-08-09 10:44 - 2017-08-01 11:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 10:44 - 2017-08-01 11:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-08-09 10:44 - 2017-08-01 11:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-08-09 10:44 - 2017-08-01 11:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-08-09 10:44 - 2017-08-01 11:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-09 10:44 - 2017-08-01 11:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-09 10:44 - 2017-08-01 11:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-08-09 10:44 - 2017-08-01 11:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 10:44 - 2017-08-01 11:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-08-09 10:44 - 2017-08-01 11:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-08-09 10:44 - 2017-08-01 11:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-08-09 10:44 - 2017-08-01 11:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 10:44 - 2017-08-01 11:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-09 10:44 - 2017-08-01 11:30 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-08-09 10:44 - 2017-08-01 11:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 10:44 - 2017-08-01 11:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-08-09 10:44 - 2017-08-01 11:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-08-09 10:44 - 2017-08-01 11:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-08-09 10:44 - 2017-08-01 11:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-08-09 10:44 - 2017-08-01 11:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 10:44 - 2017-08-01 09:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 10:44 - 2017-07-12 01:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-08-09 10:44 - 2017-07-12 01:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-09 10:44 - 2017-07-12 01:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-09 10:44 - 2017-07-12 01:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-08-09 10:44 - 2017-07-12 01:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-08-09 10:44 - 2017-07-12 00:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 10:44 - 2017-07-12 00:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-08-09 10:44 - 2017-07-12 00:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-08-09 10:44 - 2017-07-12 00:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-09 10:44 - 2017-07-12 00:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2017-08-09 10:44 - 2017-07-12 00:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2017-08-09 10:44 - 2017-07-12 00:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2017-08-09 10:44 - 2017-07-12 00:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 10:44 - 2017-07-12 00:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2017-08-09 10:44 - 2017-07-12 00:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2017-08-09 10:44 - 2017-07-12 00:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-08-09 10:44 - 2017-07-12 00:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2017-08-09 10:44 - 2017-07-12 00:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-08-09 10:44 - 2017-07-12 00:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys
2017-08-09 10:44 - 2017-07-12 00:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 10:44 - 2017-07-12 00:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-08-09 10:44 - 2017-07-12 00:21 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 10:44 - 2017-07-12 00:19 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-08-09 10:44 - 2017-07-12 00:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-08-09 10:44 - 2017-07-12 00:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 10:44 - 2017-07-12 00:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-08-09 10:44 - 2017-07-12 00:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 10:44 - 2017-07-12 00:13 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 10:44 - 2017-07-12 00:12 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-08-09 10:44 - 2017-07-12 00:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-09 10:44 - 2017-07-12 00:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 10:44 - 2017-07-12 00:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-08-09 10:44 - 2017-07-12 00:09 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-08-09 10:44 - 2017-07-12 00:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-09 10:44 - 2017-07-12 00:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 10:44 - 2017-03-04 01:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-08-09 10:43 - 2017-08-01 14:32 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-08-09 10:43 - 2017-08-01 14:29 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 10:43 - 2017-08-01 14:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 10:43 - 2017-08-01 14:22 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-08-09 10:43 - 2017-08-01 14:22 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-08-09 10:43 - 2017-08-01 14:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 10:43 - 2017-08-01 14:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-08-09 10:43 - 2017-08-01 14:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 10:43 - 2017-08-01 14:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-08-09 10:43 - 2017-08-01 14:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-08-09 10:43 - 2017-08-01 14:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 10:43 - 2017-08-01 14:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-08-09 10:43 - 2017-08-01 14:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-08-09 10:43 - 2017-08-01 14:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 10:43 - 2017-08-01 14:13 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 10:43 - 2017-08-01 13:57 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-08-09 10:43 - 2017-08-01 13:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-08-09 10:43 - 2017-08-01 13:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-08-09 10:43 - 2017-08-01 13:51 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-09 10:43 - 2017-08-01 13:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 10:43 - 2017-08-01 13:48 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-09 10:43 - 2017-08-01 13:48 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 10:43 - 2017-08-01 13:47 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-08-09 10:43 - 2017-08-01 13:47 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 10:43 - 2017-08-01 13:46 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-08-09 10:43 - 2017-08-01 13:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-08-09 10:43 - 2017-08-01 13:46 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 10:43 - 2017-08-01 13:45 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 10:43 - 2017-08-01 13:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-08-09 10:43 - 2017-08-01 13:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-08-09 10:43 - 2017-08-01 13:44 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-08-09 10:43 - 2017-08-01 13:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 10:43 - 2017-08-01 13:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-08-09 10:43 - 2017-08-01 13:37 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 10:43 - 2017-08-01 13:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 10:43 - 2017-08-01 13:32 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 10:43 - 2017-08-01 13:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-08-09 10:43 - 2017-08-01 13:29 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 10:43 - 2017-08-01 13:29 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-09 10:43 - 2017-08-01 13:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-09 10:43 - 2017-08-01 13:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-08-09 10:43 - 2017-08-01 13:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 10:43 - 2017-08-01 13:27 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-08-09 10:43 - 2017-08-01 13:26 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 10:43 - 2017-08-01 13:26 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-08-09 10:43 - 2017-08-01 13:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-08-09 10:43 - 2017-08-01 13:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-08-09 10:43 - 2017-08-01 11:51 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 10:43 - 2017-08-01 11:42 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 10:43 - 2017-08-01 11:40 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 10:43 - 2017-08-01 11:40 - 012187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 10:43 - 2017-08-01 11:37 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-08-09 10:43 - 2017-08-01 11:37 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-08-09 10:43 - 2017-08-01 11:33 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 10:43 - 2017-08-01 11:31 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 10:43 - 2017-07-12 01:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 10:43 - 2017-07-12 01:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 10:43 - 2017-07-12 01:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-09 10:43 - 2017-07-12 01:02 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-08-09 10:43 - 2017-07-12 01:01 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-08-09 10:43 - 2017-07-12 01:00 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-09 10:43 - 2017-07-12 01:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2017-08-09 10:43 - 2017-07-12 00:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-08-09 10:43 - 2017-07-12 00:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-08-09 10:43 - 2017-07-12 00:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2017-08-09 10:43 - 2017-07-12 00:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-08-09 10:43 - 2017-07-12 00:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-08-09 10:43 - 2017-07-12 00:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-08-09 10:43 - 2017-07-12 00:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2017-08-09 10:43 - 2017-07-12 00:17 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-08-09 10:43 - 2017-07-12 00:06 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-08-09 10:43 - 2017-07-12 00:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-08-09 10:43 - 2017-07-12 00:00 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-09 10:43 - 2017-07-11 23:58 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-08-09 10:43 - 2017-07-11 23:58 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 10:43 - 2017-07-11 21:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-09 10:43 - 2016-09-07 00:24 - 000057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-09 10:43 - 2016-08-02 03:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 10:42 - 2017-08-01 14:31 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 10:42 - 2017-08-01 14:25 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-09 10:42 - 2017-08-01 14:21 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 10:42 - 2017-08-01 14:21 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-09 10:42 - 2017-08-01 14:21 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 10:42 - 2017-08-01 14:21 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-08-09 10:42 - 2017-08-01 14:21 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 10:42 - 2017-08-01 14:21 - 000026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-08-09 10:42 - 2017-08-01 14:20 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-08-09 10:42 - 2017-08-01 14:20 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 10:42 - 2017-08-01 14:20 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 10:42 - 2017-08-01 14:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 10:42 - 2017-08-01 14:20 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 10:42 - 2017-08-01 14:17 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-08-09 10:42 - 2017-08-01 14:17 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-08-09 10:42 - 2017-08-01 14:13 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-09 10:42 - 2017-08-01 14:01 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 10:42 - 2017-08-01 13:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 10:42 - 2017-08-01 13:52 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 10:42 - 2017-08-01 13:52 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 10:42 - 2017-08-01 13:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-08-09 10:42 - 2017-08-01 13:47 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-08-09 10:42 - 2017-08-01 13:47 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-08-09 10:42 - 2017-08-01 13:47 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-08-09 10:42 - 2017-08-01 13:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-09 10:42 - 2017-08-01 13:46 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-09 10:42 - 2017-08-01 13:46 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-09 10:42 - 2017-08-01 13:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 10:42 - 2017-08-01 13:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 10:42 - 2017-08-01 13:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 10:42 - 2017-08-01 13:45 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-09 10:42 - 2017-08-01 13:45 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 10:42 - 2017-08-01 13:45 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 10:42 - 2017-08-01 13:45 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 10:42 - 2017-08-01 13:44 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 10:42 - 2017-08-01 13:43 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-08-09 10:42 - 2017-08-01 13:43 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-08-09 10:42 - 2017-08-01 13:43 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 10:42 - 2017-08-01 13:42 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 10:42 - 2017-08-01 13:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-08-09 10:42 - 2017-08-01 13:40 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-09 10:42 - 2017-08-01 13:40 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 10:42 - 2017-08-01 13:40 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 10:42 - 2017-08-01 13:39 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 10:42 - 2017-08-01 13:39 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 10:42 - 2017-08-01 13:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-08-09 10:42 - 2017-08-01 13:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 10:42 - 2017-08-01 13:38 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-08-09 10:42 - 2017-08-01 13:36 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 10:42 - 2017-08-01 13:36 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-08-09 10:42 - 2017-08-01 13:34 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 10:42 - 2017-08-01 13:33 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 10:42 - 2017-08-01 13:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-08-09 10:42 - 2017-08-01 13:33 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-08-09 10:42 - 2017-08-01 13:32 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-08-09 10:42 - 2017-08-01 13:30 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-09 10:42 - 2017-08-01 13:30 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-08-09 10:42 - 2017-08-01 13:30 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-08-09 10:42 - 2017-08-01 13:30 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 10:42 - 2017-08-01 13:29 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 10:42 - 2017-08-01 13:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-09 10:42 - 2017-08-01 13:28 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-09 10:42 - 2017-08-01 13:27 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-08-09 10:42 - 2017-08-01 13:27 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-08-09 10:42 - 2017-08-01 13:27 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-08-09 10:42 - 2017-08-01 13:25 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 10:42 - 2017-08-01 13:24 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 10:42 - 2017-08-01 13:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-08-09 10:42 - 2017-08-01 13:23 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 10:42 - 2017-08-01 13:23 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-08-09 10:42 - 2017-08-01 11:47 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 10:42 - 2017-07-12 01:16 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-09 10:42 - 2017-07-12 01:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-08-09 10:42 - 2017-07-12 01:14 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-09 10:42 - 2017-07-12 01:13 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 10:42 - 2017-07-12 01:02 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 10:42 - 2017-07-12 00:59 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-09 10:42 - 2017-07-12 00:59 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-09 10:42 - 2017-07-12 00:59 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-09 10:42 - 2017-07-12 00:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-09 10:42 - 2017-07-12 00:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-09 10:42 - 2017-07-12 00:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2017-08-09 10:42 - 2017-07-12 00:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-09 10:42 - 2017-07-12 00:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll
2017-08-09 10:42 - 2017-07-12 00:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-09 10:42 - 2017-07-12 00:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-09 10:42 - 2017-07-12 00:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-08-09 10:42 - 2017-07-12 00:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2017-08-09 10:42 - 2017-07-12 00:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-08-09 10:42 - 2017-07-12 00:19 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-09 10:42 - 2017-07-12 00:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 10:42 - 2017-07-12 00:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-08-09 10:42 - 2017-07-12 00:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-09 10:42 - 2017-07-12 00:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 10:42 - 2017-07-12 00:15 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-09 10:42 - 2017-07-12 00:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 10:42 - 2017-07-12 00:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 10:42 - 2017-07-12 00:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-08-09 10:42 - 2017-07-12 00:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-08-09 10:42 - 2017-07-12 00:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 10:42 - 2017-07-12 00:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 10:42 - 2017-07-12 00:09 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-08-09 10:42 - 2017-07-12 00:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-09 10:42 - 2017-07-12 00:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 10:42 - 2017-07-12 00:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-08-09 10:42 - 2017-07-12 00:06 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 10:42 - 2017-07-12 00:06 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-08-09 10:42 - 2017-07-12 00:03 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 10:42 - 2017-07-12 00:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 10:42 - 2017-07-12 00:02 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 10:42 - 2017-07-12 00:01 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 10:42 - 2017-07-11 23:59 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-08-09 10:42 - 2017-07-11 23:59 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 10:42 - 2017-07-11 23:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 10:42 - 2017-07-11 23:58 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 10:42 - 2017-07-11 23:57 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 10:42 - 2017-07-11 23:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-09 10:42 - 2017-03-04 01:57 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-08-09 10:42 - 2017-03-04 01:16 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-08-09 10:42 - 2017-03-04 01:14 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-08-09 10:42 - 2017-03-04 01:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-08-09 10:42 - 2017-03-04 01:05 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-08-09 08:15 - 2017-08-17 19:59 - 313533339 _____ C:\Users\Shawn Merklein\Downloads\AssParade - Katt, Alexa Pierce (Kat And Alexas Asstastic Afternoon)_480p.mp4
2017-08-08 21:59 - 2017-08-08 22:07 - 001275356 _____ C:\WINDOWS\Minidump\080817-28625-01.dmp
2017-08-08 19:30 - 2017-08-08 20:55 - 551264821 _____ C:\Users\Shawn Merklein\Downloads\horny_teens_big.mp4
2017-08-08 19:30 - 2017-08-08 19:43 - 694770673 _____ C:\Users\Shawn Merklein\Downloads\Brooklynn Rayne.mp4
2017-08-08 18:39 - 2017-08-08 18:42 - 000000826 _____ C:\Users\Shawn Merklein\Desktop\police report.txt
2017-08-08 10:59 - 2017-08-21 18:15 - 000000000 ____D C:\Users\Shawn Merklein\Downloads\Latin Mother Naughty Daughter 3
2017-08-07 23:27 - 2017-08-08 02:00 - 447744524 _____ C:\Users\Shawn Merklein\Downloads\Alana Summers.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-06 17:59 - 2016-07-19 17:10 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\uTorrent
2017-09-06 17:32 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-06 17:32 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-06 17:10 - 2016-08-12 04:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-06 08:48 - 2016-08-12 04:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-06 08:48 - 2016-07-19 16:24 - 000000000 __SHD C:\Users\Shawn Merklein\IntelGraphicsProfiles
2017-09-06 08:47 - 2016-07-16 01:04 - 017563648 _____ C:\WINDOWS\system32\config\HARDWARE
2017-09-06 08:47 - 2016-07-16 01:04 - 001835008 _____ C:\WINDOWS\system32\config\BBI
2017-09-06 04:33 - 2016-08-06 12:12 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Local\Adobe
2017-09-04 20:03 - 2016-08-12 04:33 - 000000000 ____D C:\Users\Shawn Merklein
2017-09-04 19:23 - 2017-05-26 19:53 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-04 18:51 - 2016-07-19 17:39 - 011784192 _____ C:\Users\Shawn Merklein\Documents\shawn.mny
2017-09-03 19:17 - 2016-11-14 20:09 - 000000000 ____D C:\Users\Shawn Merklein\Desktop\New folder
2017-08-29 21:53 - 2016-07-19 17:24 - 000000000 ____D C:\Program Files (x86)\AVG
2017-08-29 21:53 - 2016-07-19 17:05 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Local\AvgSetupLog
2017-08-29 21:53 - 2016-07-19 17:05 - 000000000 ____D C:\ProgramData\Avg
2017-08-29 21:42 - 2017-08-04 21:03 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-29 21:33 - 2016-07-19 17:31 - 000000000 ____D C:\Users\Shawn Merklein\AppData\Roaming\AVG
2017-08-29 19:03 - 2016-08-04 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2017-08-29 18:47 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-29 17:17 - 2016-08-06 12:14 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 08:13 - 2017-01-02 12:42 - 611996339 _____ C:\WINDOWS\MEMORY.DMP
2017-08-29 08:13 - 2017-01-02 12:42 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-29 01:53 - 2016-07-16 06:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-27 21:00 - 2017-05-26 19:51 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-27 20:47 - 2016-07-19 16:03 - 000000000 ___RD C:\Users\Shawn Merklein\OneDrive
2017-08-27 18:59 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-17 23:46 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-17 23:00 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-13 20:36 - 2016-07-19 17:49 - 000005616 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-13 16:26 - 2017-07-29 20:42 - 1337322014 _____ C:\Users\Shawn Merklein\Downloads\Latin Mother Naughty Daughter 2.DVDRip.XxX.wmv
2017-08-12 17:15 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\rescache
2017-08-10 18:54 - 2016-08-12 04:44 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswf6a53c8c7ce70194.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswf65659399dd2717a.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswe80bbaf6ca16e0f5.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswe58f1d948b14f2a4.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswd191670c0e673052.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswc9e2c3d00983143d.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswc0660e352455a09a.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswc0571545ba90d2a7.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswb643507d7543be4c.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswa2f3f317b6a978af.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw83a45e668ee481d0.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw80c6db7d2c19d597.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw80433a0af0c118e5.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw7e8d42baa494e0c9.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw6fad27541bdcdf18.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw6c7f1f2021496837.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw61e1006120bf788e.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw5ae7514f86d4c591.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw4d9f898529694a0d.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw3a426747fcfb0839.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw3424b194175831e2.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw30ccf18fa1638451.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw2e15089f74fafd7a.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw2cfd54bb011c8ae8.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw203e77f77c51b19d.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw fa8ef7771aa3fbd.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw 59440a5d4fe4dfa.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswea6186fae33c564e.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswe61f8221aa444187.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswe0718b817aee919f.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswdbab60a50cccf3fc.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswdb9a2f9eeae2cdbf.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswc63c807b2d39c5be.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswbd4f4003242923de.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswb78834d84981ffab.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswb6aaf1803eb2419d.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswb5bd29f200810b97.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\aswac5814d2fb02f353.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw915ff72218b6756f.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw7fe36ef4f57a6ba3.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw7d1b71f5b1a6e464.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw7a3cf567d87f7497.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw6c05fdf9a32c8f44.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw6a4ce0c27f5bd0e9.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw5eef054429e09872.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw4cb40f969bf8b63a.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw44db18dcb478161d.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw4036c29282a5de3b.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw3f58b9bf75aca273.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw15d9f566bb4c01c4.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw149719bb5a7d4435.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw11cc05e78a174018.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw 8037d76782ad827.tmp
2017-08-09 20:24 - 2017-04-21 18:18 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\asw 1747e19b9c868e7.tmp
2017-08-09 20:15 - 2016-04-27 01:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-09 20:11 - 2016-08-12 04:27 - 000203200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 20:09 - 2016-07-16 06:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 20:09 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 20:09 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 20:09 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\Provisioning
2017-08-09 20:09 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-08-09 20:09 - 2016-07-16 06:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 20:09 - 2016-07-16 06:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-09 20:08 - 2016-07-16 06:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-09 20:08 - 2016-07-16 06:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 20:08 - 2016-07-16 06:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-08 19:29 - 2016-07-20 17:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-08 19:26 - 2016-07-20 17:17 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2017-08-27 22:38 - 2017-08-27 22:38 - 000140800 _____ () C:\Users\Shawn Merklein\AppData\Local\installer.dat
2017-08-27 22:38 - 2017-08-29 08:11 - 001847296 _____ () C:\Users\Shawn Merklein\AppData\Local\po.db

Some files in TEMP:
====================
2017-08-28 23:27 - 2017-08-28 23:48 - 000476672 _____ () C:\Users\Shawn Merklein\AppData\Local\Temp\7za.exe
2017-09-04 20:06 - 2017-09-04 20:06 - 000379776 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shawn Merklein\AppData\Local\Temp\ATSXX.exe
2017-08-28 23:27 - 2017-08-28 23:48 - 000020480 _____ (E Dev) C:\Users\Shawn Merklein\AppData\Local\Temp\DaS_21.exe
2017-08-29 17:51 - 2017-07-12 01:14 - 001886896 _____ (Microsoft Corporation) C:\Users\Shawn Merklein\AppData\Local\Temp\dllnt_dump.dll
2017-08-28 23:27 - 2017-08-28 23:48 - 000388608 _____ (Trend Micro Inc.) C:\Users\Shawn Merklein\AppData\Local\Temp\hijackthis.exe
2017-08-28 23:07 - 2017-08-28 23:07 - 001559924 _____ (                                                            ) C:\Users\Shawn Merklein\AppData\Local\Temp\ICReinstall_FlashPlayerPro_3355519984.exe
2017-08-28 08:29 - 2017-08-28 23:48 - 000030720 _____ (NirSoft) C:\Users\Shawn Merklein\AppData\Local\Temp\NirCmd.exe
2017-08-28 18:44 - 2017-08-28 23:48 - 000256512 _____ () C:\Users\Shawn Merklein\AppData\Local\Temp\PEVZ.EXE
2017-08-28 23:27 - 2017-08-28 23:48 - 000069632 _____ () C:\Users\Shawn Merklein\AppData\Local\Temp\remove.exe
2017-08-28 23:27 - 2017-08-28 23:48 - 000098816 _____ () C:\Users\Shawn Merklein\AppData\Local\Temp\sed.exe
2017-08-26 22:23 - 2017-08-26 22:23 - 007605236 _____ () C:\Users\Shawn Merklein\AppData\Local\Temp\setup.dll
2017-08-28 23:27 - 2017-08-28 23:48 - 000161792 _____ (SteelWerX) C:\Users\Shawn Merklein\AppData\Local\Temp\swreg.exe
2017-08-28 23:27 - 2017-08-28 23:48 - 000217088 _____ (SteelWerX) C:\Users\Shawn Merklein\AppData\Local\Temp\swxcacls.exe
2017-09-04 22:04 - 2017-09-04 22:04 - 000371584 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shawn Merklein\AppData\Local\Temp\VBVDEDC.exe
2017-08-28 23:27 - 2017-08-28 23:48 - 000154232 _____ (Noël Danjou) C:\Users\Shawn Merklein\AppData\Local\Temp\wget.exe
2017-09-04 22:04 - 2017-09-04 22:04 - 000494464 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shawn Merklein\AppData\Local\Temp\ZE.exe
2017-08-28 23:27 - 2017-08-28 23:48 - 000024064 _____ () C:\Users\Shawn Merklein\AppData\Local\Temp\zoek-delete.exe
2017-09-04 20:06 - 2017-09-04 20:06 - 000539520 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shawn Merklein\AppData\Local\Temp\ZVTBCV.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {05257ffe-6087-11e6-94b2-8825b534fd5e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {d2e21b24-6087-11e6-94b2-8825b534fd5e}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {05257ffe-6087-11e6-94b2-8825b534fd5e}
nx                      OptIn
bootmenupolicy          Standard
safebootalternateshell  No

Windows Boot Loader
-------------------
identifier              {0c44a044-4d6c-11e6-9580-e42d33bd4f90}
device                  ramdisk=[C:]\Recovery\0c44a044-4d6c-11e6-9580-e42d33bd4f90\Winre.wim,{0c44a045-4d6c-11e6-9580-e42d33bd4f90}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\0c44a044-4d6c-11e6-9580-e42d33bd4f90\Winre.wim,{0c44a045-4d6c-11e6-9580-e42d33bd4f90}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {d2e21b24-6087-11e6-94b2-8825b534fd5e}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{d2e21b25-6087-11e6-94b2-8825b534fd5e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{d2e21b25-6087-11e6-94b2-8825b534fd5e}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {e12554f2-4e09-11e6-b627-8df57e4bf049}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{e12554f3-4e09-11e6-b627-8df57e4bf049}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{e12554f3-4e09-11e6-b627-8df57e4bf049}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {05257ffe-6087-11e6-94b2-8825b534fd5e}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {d2e21b24-6087-11e6-94b2-8825b534fd5e}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {0c44a042-4d6c-11e6-9580-e42d33bd4f90}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {8e39c144-4e09-11e6-b627-8df57e4bf049}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {e12554f2-4e09-11e6-b627-8df57e4bf049}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {0c44a045-4d6c-11e6-9580-e42d33bd4f90}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\0c44a044-4d6c-11e6-9580-e42d33bd4f90\boot.sdi

Device options
--------------
identifier              {0c44a046-4d6c-11e6-9580-e42d33bd4f90}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {d2e21b25-6087-11e6-94b2-8825b534fd5e}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {f98cca14-606b-11e6-aa34-dc4a3edba6e1}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

LastRegBack: 2017-08-25 21:17

==================== End of FRST.txt ============================



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 06 September 2017 - 06:15 PM

Hi balistic-1 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-DATE-(TIME).txt" log that is located in the MBAR folder here after.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 balistic-1

balistic-1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 06 September 2017 - 06:29 PM

FRST is the only thing I am able to run and get a full log mbar will not run due to the issue "the requested resource is in use" along with most other antivirus software as I said I have never had a issue cleaning a machine but this is the first win10 I have attempted to clean and I was able to clean the majority using unhack me but I'm just having the issue getting antivirus programs back up and of course task manager even in safe mode no hurry, I have been cleaning this up for over a week and this is the final stage just to get this one problem fixed and I should be good



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 06 September 2017 - 06:31 PM

I wasn't sure if you had tried the right version of MBAR, hence why I asked you to run the one in the thread I linked. No worries if you can't get it to work, Malwarebytes is aware of this. I'm just asking the user to try it anyway in case it works.

Do you have a USB Flash Drive? If so, how big is it?

Also, follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Attached Files


unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 balistic-1

balistic-1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 06 September 2017 - 06:38 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Shawn Merklein (06-09-2017 18:36:38) Run:1
Running from C:\Users\Shawn Merklein\Downloads
Loaded Profiles: Shawn Merklein (Available Profiles: Shawn Merklein)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows\
CMD: dir C:\Windows\system32\drivers
*****************

========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========

========= dir C:\Windows\ =========

 Volume in drive C has no label.
 Volume Serial Number is 9C21-DDDD

 Directory of C:\Windows

09/06/2017  05:55 PM    <DIR>          .
09/06/2017  05:55 PM    <DIR>          ..
07/16/2016  06:47 AM    <DIR>          addins
08/13/2016  03:57 AM    <DIR>          appcompat
06/13/2017  11:18 PM    <DIR>          AppPatch
09/06/2017  05:32 PM    <DIR>          AppReadiness
02/05/2007  08:05 PM                38 AviSplitter.INI
08/27/2017  09:03 PM                20 b30366400
08/28/2017  11:29 PM                20 b82006397
08/09/2017  08:09 PM    <DIR>          bcastdvr
07/16/2016  06:42 AM            61,440 bfsvc.exe
07/16/2016  06:47 AM    <DIR>          Boot
07/16/2016  06:47 AM    <DIR>          Branding
08/29/2017  01:53 AM    <DIR>          CbsTemp
08/12/2016  04:50 AM             6,528 comsetup.log
07/16/2016  06:43 AM            33,498 Core.xml
07/16/2016  06:47 AM    <DIR>          Cursors
09/15/2016  03:44 PM    <DIR>          debug
08/12/2016  04:52 AM             7,623 diagerr.xml
07/16/2016  06:47 AM    <DIR>          diagnostics
08/12/2016  04:52 AM             7,623 diagwrn.xml
07/16/2016  09:14 AM    <DIR>          DigitalLocker
08/02/2017  12:06 AM             4,118 DPINST.LOG
08/12/2016  04:37 AM             4,176 DtcInstall.log
07/16/2016  09:14 AM    <DIR>          en-US
07/12/2017  12:55 AM         4,674,872 explorer.exe
07/16/2016  06:47 AM    <DIR>          GameBarPresenceWriter
07/16/2016  06:47 AM    <DIR>          Globalization
08/27/2017  01:49 AM            11,776 goldstein.exe
07/16/2016  09:14 AM    <DIR>          Help
06/03/2017  03:52 AM           975,872 HelpPane.exe
07/16/2016  06:42 AM            18,432 hh.exe
07/16/2016  09:14 AM    <DIR>          IME
08/09/2017  08:09 PM    <DIR>          ImmersiveControlPanel
08/17/2017  11:46 PM    <DIR>          INF
07/16/2016  06:47 AM    <DIR>          InfusedApps
07/16/2016  06:47 AM    <DIR>          InputMethod
07/16/2016  06:47 AM    <DIR>          L2Schemas
08/17/2017  11:00 PM    <DIR>          LiveKernelReports
08/24/2016  01:10 AM    <DIR>          Logs
08/29/2017  08:13 AM       611,996,339 MEMORY.DMP
07/16/2016  06:42 AM            43,131 mib.bin
08/27/2017  01:11 PM    <DIR>          Microsoft.NET
07/16/2016  06:47 AM    <DIR>          Migration
08/29/2017  08:13 AM    <DIR>          Minidump
08/12/2016  04:31 AM    <DIR>          MiracastView
07/16/2016  06:47 AM    <DIR>          ModemLogs
07/16/2016  06:43 AM           243,200 notepad.exe
07/16/2016  09:15 AM    <DIR>          OCR
07/16/2016  06:47 AM    <DIR>          Offline Web Pages
08/12/2016  04:53 AM    <DIR>          Panther
07/16/2016  06:47 AM    <DIR>          Performance
09/06/2017  08:48 AM           835,902 PFRO.log
07/16/2016  06:47 AM    <DIR>          PLA
05/10/2017  10:07 PM    <DIR>          PolicyDefinitions
09/06/2017  05:56 PM    <DIR>          Prefetch
03/15/2017  01:16 AM    <DIR>          PrintDialog
08/09/2017  08:09 PM    <DIR>          Provisioning
08/28/2017  08:18 AM    <DIR>          pss
03/04/2017  01:18 AM           320,512 regedit.exe
08/12/2016  04:50 AM    <DIR>          Registration
08/12/2017  05:15 PM    <DIR>          rescache
07/16/2016  06:47 AM    <DIR>          Resources
07/16/2016  06:47 AM    <DIR>          SchCache
07/16/2016  06:47 AM    <DIR>          schemas
07/16/2016  06:47 AM    <DIR>          security
08/12/2016  04:27 AM    <DIR>          ServiceProfiles
12/11/2016  12:05 AM    <DIR>          servicing
07/16/2016  06:49 AM    <DIR>          Setup
08/16/2017  06:54 PM            30,970 setupact.log
08/12/2016  04:28 AM                 0 setuperr.log
08/09/2017  08:09 PM    <DIR>          ShellExperiences
04/27/2016  01:20 AM    <DIR>          ShellNew
07/16/2016  09:14 AM    <DIR>          SKB
08/09/2017  08:33 PM    <DIR>          SoftwareDistribution
07/16/2016  06:47 AM    <DIR>          Speech
07/16/2016  06:47 AM    <DIR>          Speech_OneCore
10/14/2016  10:59 PM           130,560 splwow64.exe
08/01/2017  06:45 PM               528 Synaptics.log
08/01/2017  06:45 PM             1,590 Synaptics.PD.log
07/16/2016  06:47 AM    <DIR>          System
10/30/2015  02:21 AM               219 system.ini
09/06/2017  08:48 AM    <DIR>          System32
07/16/2016  09:29 AM    <DIR>          SystemApps
07/16/2016  06:47 AM    <DIR>          SystemResources
09/06/2017  08:48 AM    <DIR>          SysWOW64
07/16/2016  06:47 AM    <DIR>          TAPI
09/05/2017  07:19 PM    <DIR>          Tasks
09/06/2017  06:34 PM    <DIR>          Temp
07/16/2016  06:47 AM    <DIR>          tracing
07/16/2016  06:47 AM    <DIR>          twain_32
07/16/2016  06:43 AM            66,560 twain_32.dll
08/25/2017  07:34 AM            51,638 uninstaller.dat
07/16/2016  06:47 AM    <DIR>          Vss
08/28/2017  11:16 PM            11,776 wafting.exe
07/16/2016  06:47 AM    <DIR>          Web
10/30/2015  02:21 AM                92 win.ini
09/06/2017  06:23 PM               275 WindowsUpdate.log
07/16/2016  06:42 AM            10,240 winhlp32.exe
08/29/2017  01:53 AM    <DIR>          WinSxS
07/16/2016  06:43 AM           316,640 WMSysPr9.prx
07/16/2016  06:42 AM            11,264 write.exe
              33 File(s)    619,877,472 bytes
              69 Dir(s)  540,713,959,424 bytes free

========= End of CMD: =========

========= dir C:\Windows\system32\drivers =========

 Volume in drive C has no label.
 Volume Serial Number is 9C21-DDDD

 Directory of C:\Windows\system32\drivers

09/05/2017  08:16 PM    <DIR>          .
09/05/2017  08:16 PM    <DIR>          ..
07/16/2016  06:41 AM           235,520 1394ohci.sys
07/16/2016  06:41 AM           107,360 3ware.sys
03/09/2016  07:39 AM            56,160 Accelerometer.sys
07/16/2016  06:41 AM           705,888 acpi.sys
07/16/2016  06:41 AM            18,432 AcpiDev.sys
07/16/2016  06:42 AM           126,816 acpiex.sys
07/16/2016  06:41 AM            12,288 acpipagr.sys
07/16/2016  06:41 AM            14,336 acpipmi.sys
07/16/2016  06:41 AM            13,312 acpitime.sys
07/16/2016  06:41 AM         1,135,456 adp80xx.sys
10/14/2016  11:21 PM           584,032 afd.sys
07/16/2016  06:42 AM           107,520 agilevpn.sys
10/14/2016  10:31 PM           227,328 ahcache.sys
07/16/2016  06:41 AM           123,392 amdk8.sys
07/16/2016  06:41 AM           120,832 amdppm.sys
07/16/2016  06:41 AM            83,296 amdsata.sys
07/16/2016  06:41 AM           259,424 amdsbs.sys
07/16/2016  06:41 AM            26,976 amdxata.sys
07/16/2016  06:42 AM           172,896 appid.sys
07/16/2016  06:42 AM            15,360 applockerfltr.sys
07/16/2016  06:41 AM           131,936 arcsas.sys
07/30/2017  08:20 PM           313,616 asw  fd518f21578857.tmp
08/09/2017  08:24 PM           139,112 asw 1747e19b9c868e7.tmp
07/30/2017  08:21 PM            39,424 asw 21927da69d48e1f.tmp
07/30/2017  08:21 PM           578,048 asw 516c2d825557a52.tmp
08/09/2017  08:24 PM         1,008,288 asw 59440a5d4fe4dfa.tmp
07/30/2017  08:21 PM            76,832 asw 605be97d99ad602.tmp
07/30/2017  08:20 PM           313,616 asw 6ae82c28edcd2ae.tmp
07/30/2017  08:20 PM           313,616 asw 6ebea970b2696bc.tmp
08/09/2017  08:24 PM           139,112 asw 8037d76782ad827.tmp
07/30/2017  08:20 PM           166,624 asw 858e2e990e87922.tmp
07/30/2017  08:20 PM           166,624 asw 87dc56646022b5d.tmp
07/30/2017  08:20 PM           313,616 asw 886fb391a349a58.tmp
07/30/2017  08:20 PM           192,584 asw 9d0f69cdea12359.tmp
07/30/2017  08:21 PM           353,744 asw 9e552e32ebbc5ba.tmp
07/30/2017  08:21 PM            76,832 asw b81a85073f4cc9b.tmp
07/30/2017  08:20 PM           313,616 asw b8b745819c0f6eb.tmp
07/30/2017  08:21 PM           191,208 asw c0bcdba90e9fec0.tmp
07/30/2017  08:20 PM           192,584 asw cc378c5ca234154.tmp
07/30/2017  08:20 PM           336,896 asw d05f2b7bdab549e.tmp
07/30/2017  08:20 PM           313,616 asw d311f8297e256b2.tmp
07/30/2017  08:20 PM            51,336 asw f9ba9a10b19ec40.tmp
08/09/2017  08:24 PM         1,008,288 asw fa8ef7771aa3fbd.tmp
07/30/2017  08:21 PM           578,048 asw fcbcaa421316065.tmp
07/30/2017  08:20 PM           336,896 asw ff783b8d9041e82.tmp
07/30/2017  08:20 PM           313,616 asw10979ca92244cbc1.tmp
07/30/2017  08:21 PM           353,744 asw10dfdfa35ef4337a.tmp
07/30/2017  08:21 PM            76,832 asw111ae1e1a646e472.tmp
08/09/2017  08:24 PM           139,112 asw11cc05e78a174018.tmp
07/30/2017  08:20 PM            51,336 asw11e57827777031dc.tmp
07/30/2017  08:20 PM           192,584 asw147ffcd45e0bd3c5.tmp
08/09/2017  08:24 PM           139,112 asw149719bb5a7d4435.tmp
07/30/2017  08:21 PM           191,208 asw159c5dfaa5b9d0cb.tmp
08/09/2017  08:24 PM           139,112 asw15d9f566bb4c01c4.tmp
07/30/2017  08:20 PM           336,896 asw16ef379cd39b04e1.tmp
07/30/2017  08:21 PM            39,424 asw175e7c89e9fcd20e.tmp
07/30/2017  08:21 PM           191,208 asw176b0bf825a7415b.tmp
07/30/2017  08:21 PM            39,424 asw18379ca3e42e1065.tmp
07/30/2017  08:20 PM           313,616 asw183e5eb071d4dce1.tmp
07/30/2017  08:21 PM            39,424 asw18ac52abde908bae.tmp
07/30/2017  08:20 PM            51,336 asw191a177aea9b2ed0.tmp
07/30/2017  08:20 PM           166,624 asw1a94e2aa5c1662e1.tmp
07/30/2017  08:21 PM           191,208 asw1b8872d00b6771ec.tmp
07/30/2017  08:20 PM           313,616 asw1cc155280844d50d.tmp
07/30/2017  08:21 PM            76,832 asw1d75e3d9c7af6f01.tmp
07/30/2017  08:21 PM            39,424 asw1f7391bebfbbdc1c.tmp
08/09/2017  08:24 PM         1,008,288 asw203e77f77c51b19d.tmp
07/30/2017  08:21 PM           578,048 asw2063ea80f2722965.tmp
07/30/2017  08:21 PM           191,208 asw2139797fc7a747ac.tmp
07/30/2017  08:20 PM           166,624 asw225f15301aaf6218.tmp
07/30/2017  08:20 PM           336,896 asw24afc16c397e6edb.tmp
07/30/2017  08:20 PM            51,336 asw264031dc7566712f.tmp
07/30/2017  08:21 PM            39,424 asw267388247504a015.tmp
07/30/2017  08:20 PM            51,336 asw26db276a32400db2.tmp
07/30/2017  08:21 PM           578,048 asw275500f7c198fd69.tmp
07/30/2017  08:20 PM           166,624 asw2aa8d0873abd7a41.tmp
08/09/2017  08:24 PM         1,008,288 asw2cfd54bb011c8ae8.tmp
07/30/2017  08:20 PM           166,624 asw2d8c8ab913b75ea7.tmp
07/30/2017  08:21 PM            39,424 asw2dd6e03c33c0382f.tmp
08/09/2017  08:24 PM         1,008,288 asw2e15089f74fafd7a.tmp
07/30/2017  08:21 PM            39,424 asw2e1513c869600cdf.tmp
07/30/2017  08:20 PM            51,336 asw2ee733f8a547dcf7.tmp
07/30/2017  08:21 PM            76,832 asw2ef4fb5721e21a80.tmp
08/09/2017  08:24 PM         1,008,288 asw30ccf18fa1638451.tmp
07/30/2017  08:20 PM           166,624 asw30dc8647fe848bd3.tmp
07/30/2017  08:20 PM           313,616 asw30dfaa1068b12cc3.tmp
07/30/2017  08:20 PM           336,896 asw313bb6e8ca5030ef.tmp
07/30/2017  08:21 PM           578,048 asw321945d049d66fb5.tmp
07/30/2017  08:20 PM           166,624 asw3314a4e8edcc09ca.tmp
08/09/2017  08:24 PM         1,008,288 asw3424b194175831e2.tmp
07/30/2017  08:20 PM           166,624 asw34503c8216568305.tmp
07/30/2017  08:21 PM           578,048 asw348cfc219e7e8483.tmp
07/30/2017  08:21 PM           578,048 asw34d75daa16c8ca8f.tmp
07/30/2017  08:20 PM           313,616 asw35141483529b85d8.tmp
07/30/2017  08:20 PM           313,616 asw351654eb1462f546.tmp
07/30/2017  08:21 PM           578,048 asw353de83cffc7d016.tmp
07/30/2017  08:20 PM           166,624 asw3540a63467b9c64b.tmp
07/30/2017  08:21 PM           578,048 asw35444243e7b73e27.tmp
07/30/2017  08:20 PM           336,896 asw3547cf0271059f01.tmp
07/30/2017  08:21 PM           191,208 asw35483b3ff211aa1b.tmp
07/30/2017  08:21 PM            76,832 asw369344c9eae02501.tmp
07/30/2017  08:21 PM            76,832 asw36ccac40ba7d91c0.tmp
07/30/2017  08:21 PM           578,048 asw375b72dcf81efbcc.tmp
07/30/2017  08:21 PM           191,208 asw3872887dc8714e47.tmp
07/30/2017  08:21 PM            39,424 asw387992ffb0578f6a.tmp
07/30/2017  08:20 PM           192,584 asw38ffa4d217357e31.tmp
07/30/2017  08:20 PM           166,624 asw3910a6f4f8c7994b.tmp
08/09/2017  08:24 PM         1,008,288 asw3a426747fcfb0839.tmp
07/30/2017  08:20 PM           313,616 asw3a7804581cea2d13.tmp
07/30/2017  08:21 PM           191,208 asw3ad0d167efeddd85.tmp
07/30/2017  08:20 PM           313,616 asw3c0a51b376e8f819.tmp
08/09/2017  08:24 PM           139,112 asw3f58b9bf75aca273.tmp
07/30/2017  08:21 PM           578,048 asw3fef41b8adf42f29.tmp
07/30/2017  08:21 PM           191,208 asw4034623b00e21996.tmp
08/09/2017  08:24 PM           139,112 asw4036c29282a5de3b.tmp
07/30/2017  08:20 PM           166,624 asw404e12a2e30ec1b4.tmp
07/30/2017  08:21 PM            76,832 asw40ead44ae5f2a390.tmp
07/30/2017  08:21 PM           353,744 asw410f9c0fc53ef476.tmp
07/30/2017  08:20 PM           166,624 asw41128c9feed671f1.tmp
07/30/2017  08:21 PM            39,424 asw42eab7174527fb03.tmp
08/09/2017  08:24 PM           139,112 asw44db18dcb478161d.tmp
07/30/2017  08:20 PM           192,584 asw4519e22f3085e77f.tmp
07/30/2017  08:20 PM           192,584 asw45251959e4306ce7.tmp
07/30/2017  08:20 PM            51,336 asw45db726c9bb0b7f8.tmp
07/30/2017  08:20 PM           336,896 asw46eb8e33862675dc.tmp
07/30/2017  08:21 PM           102,792 asw49905cd2770c855d.tmp
07/30/2017  08:21 PM            76,832 asw4b85e2107fc02434.tmp
07/30/2017  08:20 PM           192,584 asw4ba446abd7f1bbaf.tmp
07/30/2017  08:20 PM            51,336 asw4c41cc5a9a138e53.tmp
08/09/2017  08:24 PM           139,112 asw4cb40f969bf8b63a.tmp
07/30/2017  08:20 PM           166,624 asw4cc021c02cefef7b.tmp
07/30/2017  08:21 PM            76,832 asw4d910461e7905b63.tmp
08/09/2017  08:24 PM         1,008,288 asw4d9f898529694a0d.tmp
07/30/2017  08:21 PM           353,744 asw4f3fac1cba831628.tmp
07/30/2017  08:21 PM           353,744 asw4f94071ced4f9df1.tmp
07/30/2017  08:21 PM           191,208 asw4fa358b521cef79e.tmp
07/30/2017  08:21 PM            76,832 asw5031aa715e6f6f3d.tmp
07/30/2017  08:21 PM            39,424 asw51dc4bb2f5d33a72.tmp
07/30/2017  08:21 PM           191,208 asw5244f82f7b80f99d.tmp
07/30/2017  08:21 PM            76,832 asw52486a7aa188f3aa.tmp
07/30/2017  08:21 PM           102,792 asw53303ce754d93e49.tmp
07/30/2017  08:21 PM            39,424 asw539e5d4c94882833.tmp
07/30/2017  08:20 PM           192,584 asw555081927cb34478.tmp
07/30/2017  08:21 PM            39,424 asw556fe7fda3c1ff16.tmp
07/30/2017  08:20 PM           192,584 asw5592d30b7d76d6cd.tmp
07/30/2017  08:20 PM           313,616 asw56cdb738597d8402.tmp
07/30/2017  08:21 PM           353,744 asw588df785fdf9255e.tmp
07/30/2017  08:21 PM           102,792 asw5a17c88546b4c50e.tmp
07/30/2017  08:21 PM           191,208 asw5a74eadfffaeead5.tmp
07/30/2017  08:21 PM           578,048 asw5aba012876a03213.tmp
08/09/2017  08:24 PM         1,008,288 asw5ae7514f86d4c591.tmp
07/30/2017  08:21 PM            76,832 asw5bea35e6e7d587a3.tmp
07/30/2017  08:21 PM           353,744 asw5c2ea94e91e74eb3.tmp
07/30/2017  08:21 PM           102,792 asw5c4348fd8e8b9830.tmp
07/30/2017  08:20 PM           192,584 asw5c763039d6be6d84.tmp
07/30/2017  08:20 PM           192,584 asw5d03d5a6e8bb6653.tmp
07/30/2017  08:20 PM           166,624 asw5d1658b1e69c3c48.tmp
07/30/2017  08:21 PM           102,792 asw5df22bbac0370463.tmp
07/30/2017  08:21 PM           191,208 asw5e98e79ced459b92.tmp
07/30/2017  08:20 PM           313,616 asw5eb8d0c99247bba7.tmp
07/30/2017  08:21 PM           353,744 asw5ec17fe9546378d0.tmp
08/09/2017  08:24 PM           139,112 asw5eef054429e09872.tmp
07/30/2017  08:21 PM           102,792 asw5f4e5c2fa9c30fe2.tmp
07/30/2017  08:21 PM           578,048 asw604125f068807784.tmp
07/30/2017  08:20 PM           336,896 asw608a27bb2eab6b5f.tmp
07/30/2017  08:21 PM           578,048 asw61a79aeb5c2b40b5.tmp
08/09/2017  08:24 PM         1,008,288 asw61e1006120bf788e.tmp
07/30/2017  08:21 PM           353,744 asw623c38b7a8e5ee17.tmp
07/30/2017  08:20 PM           336,896 asw62d83913c1b36092.tmp
07/30/2017  08:20 PM           336,896 asw631c861ca85be610.tmp
07/30/2017  08:20 PM           336,896 asw63adf55700cb87ce.tmp
07/30/2017  08:21 PM           578,048 asw641697fc8c64fcca.tmp
07/30/2017  08:21 PM           191,208 asw64302ae2e862e79d.tmp
07/30/2017  08:20 PM           313,616 asw64920304bb9384c4.tmp
07/30/2017  08:21 PM           353,744 asw64df0956463f26d6.tmp
07/30/2017  08:20 PM           192,584 asw650507f93735e8c2.tmp
07/30/2017  08:20 PM           313,616 asw654682fd90aa00a4.tmp
07/30/2017  08:21 PM           102,792 asw656a44860835cd40.tmp
07/30/2017  08:20 PM           166,624 asw6683406255101b30.tmp
07/30/2017  08:21 PM           578,048 asw66c495185cd5eab0.tmp
07/30/2017  08:20 PM            51,336 asw66ecc5bed0a8375e.tmp
07/30/2017  08:20 PM            51,336 asw670926d59f126044.tmp
07/30/2017  08:20 PM           166,624 asw68acee272c11dbba.tmp
07/30/2017  08:20 PM           336,896 asw68fd51fa5aa3ac4a.tmp
07/30/2017  08:21 PM           102,792 asw692ed2c6890d8fa2.tmp
08/09/2017  08:24 PM           139,112 asw6a4ce0c27f5bd0e9.tmp
07/30/2017  08:21 PM           353,744 asw6b3703bbf0d9f32e.tmp
07/30/2017  08:20 PM           192,584 asw6b80ac0bba4d2d0c.tmp
07/30/2017  08:20 PM           336,896 asw6ba28f8c9bebd5ec.tmp
07/30/2017  08:21 PM           191,208 asw6ba4c865f3247c27.tmp
08/09/2017  08:24 PM           139,112 asw6c05fdf9a32c8f44.tmp
08/09/2017  08:24 PM         1,008,288 asw6c7f1f2021496837.tmp
07/30/2017  08:20 PM           192,584 asw6cab2c2a67a3eaf0.tmp
07/30/2017  08:20 PM           313,616 asw6d32ad15d73ddbff.tmp
08/09/2017  08:24 PM         1,008,288 asw6fad27541bdcdf18.tmp
07/30/2017  08:20 PM           313,616 asw71c3c8134829ef49.tmp
07/30/2017  08:20 PM            51,336 asw735684e05a805ffe.tmp
07/30/2017  08:21 PM           102,792 asw73e9d647ac05007a.tmp
07/30/2017  08:21 PM           191,208 asw743a4d2639ecc8ef.tmp
07/30/2017  08:21 PM           578,048 asw74fdc941b66d51ea.tmp
07/30/2017  08:21 PM           102,792 asw75824ec2e412bcee.tmp
07/30/2017  08:21 PM            76,832 asw76bd58407da902a1.tmp
07/30/2017  08:21 PM            39,424 asw77fd1fec8f0ff013.tmp
07/30/2017  08:21 PM           102,792 asw78cf98da319d893d.tmp
08/09/2017  08:24 PM           139,112 asw7a3cf567d87f7497.tmp
07/30/2017  08:21 PM           353,744 asw7b45b480746bd499.tmp
07/30/2017  08:21 PM           102,792 asw7b58e1c1c1acfbb4.tmp
07/30/2017  08:21 PM           191,208 asw7b87ebd84d4972e6.tmp
07/30/2017  08:20 PM           192,584 asw7bce7b4ef22832a0.tmp
07/30/2017  08:20 PM           336,896 asw7c5c6e9860765c3f.tmp
08/09/2017  08:24 PM           139,112 asw7d1b71f5b1a6e464.tmp
07/30/2017  08:21 PM           578,048 asw7df9bbab5c8073b7.tmp
08/09/2017  08:24 PM         1,008,288 asw7e8d42baa494e0c9.tmp
07/30/2017  08:20 PM            51,336 asw7fb15ca62629e964.tmp
07/30/2017  08:21 PM           353,744 asw7fb4a796f9042dc1.tmp
08/09/2017  08:24 PM           139,112 asw7fe36ef4f57a6ba3.tmp
08/09/2017  08:24 PM         1,008,288 asw80433a0af0c118e5.tmp
08/09/2017  08:24 PM         1,008,288 asw80c6db7d2c19d597.tmp
07/30/2017  08:20 PM            51,336 asw80f8ba1dddd54c15.tmp
07/30/2017  08:21 PM            76,832 asw8220bbbc17c79a40.tmp
07/30/2017  08:21 PM           102,792 asw8347edfde9a75b25.tmp
08/09/2017  08:24 PM         1,008,288 asw83a45e668ee481d0.tmp
07/30/2017  08:21 PM           191,208 asw83f56dfe76536dc7.tmp
07/30/2017  08:20 PM           336,896 asw84dbe06b0eadfcd0.tmp
07/30/2017  08:21 PM           102,792 asw850946200d00280e.tmp
07/30/2017  08:21 PM           102,792 asw86c1726d56e749ec.tmp
07/30/2017  08:20 PM           192,584 asw8741b00264eaa1c9.tmp
07/30/2017  08:20 PM           166,624 asw87483b4899eac03f.tmp
07/30/2017  08:20 PM            51,336 asw87885cf0ebbb7124.tmp
07/30/2017  08:20 PM            51,336 asw87b98dc6207e4a58.tmp
07/30/2017  08:21 PM           102,792 asw880656ca8d2a48f6.tmp
07/30/2017  08:21 PM           578,048 asw88582cfee5135e05.tmp
07/30/2017  08:20 PM           166,624 asw88ac80f593979929.tmp
07/30/2017  08:21 PM           191,208 asw8910ea50af891857.tmp
07/30/2017  08:21 PM            76,832 asw89ddcd589b0ff286.tmp
07/30/2017  08:20 PM           192,584 asw8a0dc631bebeb176.tmp
07/30/2017  08:20 PM           192,584 asw8af2ac4d62b7e762.tmp
07/30/2017  08:20 PM           313,616 asw8ca1d587b5828dcb.tmp
07/30/2017  08:21 PM            39,424 asw8cbd2742d9995246.tmp
07/30/2017  08:21 PM           353,744 asw8d4815157fb7799d.tmp
07/30/2017  08:21 PM           353,744 asw8e4bdd568c0e3d96.tmp
07/30/2017  08:21 PM           191,208 asw8e5c93bd295b5e2a.tmp
07/30/2017  08:20 PM           166,624 asw8e8cc13f817e3241.tmp
07/30/2017  08:21 PM            39,424 asw8fc6e8048f6ad9ab.tmp
07/30/2017  08:20 PM           313,616 asw90fbe84029eebb8a.tmp
07/30/2017  08:21 PM           578,048 asw911ec221f098f43a.tmp
08/09/2017  08:24 PM           139,112 asw915ff72218b6756f.tmp
07/30/2017  08:21 PM           102,792 asw91929e06c1bcf2b7.tmp
07/30/2017  08:21 PM           191,208 asw9395c6f55a6a4c1e.tmp
07/30/2017  08:21 PM           578,048 asw963887fa18985dfa.tmp
07/30/2017  08:21 PM            39,424 asw97471908ea233d6d.tmp
07/30/2017  08:21 PM           191,208 asw98453b6d3817db02.tmp
07/30/2017  08:20 PM           336,896 asw99c19552aa63ccb4.tmp
07/30/2017  08:20 PM           336,896 asw9a7dbb57b81a4c64.tmp
07/30/2017  08:20 PM           166,624 asw9aaabc578475f20a.tmp
07/30/2017  08:21 PM           353,744 asw9caa4277b9a0297d.tmp
07/30/2017  08:21 PM            39,424 asw9cd0cb1d345ddd14.tmp
07/30/2017  08:21 PM           353,744 asw9cd935e8d51b566b.tmp
07/30/2017  08:20 PM           166,624 asw9d245e7785c972a5.tmp
07/30/2017  08:20 PM            51,336 asw9d6c15320822a6aa.tmp
07/30/2017  08:20 PM           166,624 asw9dfb93c4074b3e5f.tmp
07/30/2017  08:21 PM           578,048 asw9e6809aac59cf61b.tmp
07/30/2017  08:21 PM           578,048 aswa0013c50a6f7a27f.tmp
07/30/2017  08:21 PM           191,208 aswa29fabe13770f3ef.tmp
08/09/2017  08:24 PM         1,008,288 aswa2f3f317b6a978af.tmp
07/30/2017  08:21 PM           353,744 aswa33fb564211e09ef.tmp
07/30/2017  08:21 PM            76,832 aswa5d9329a723232e7.tmp
07/30/2017  08:21 PM            76,832 aswa69ba248685493d6.tmp
07/30/2017  08:21 PM            76,832 aswa6dee58629be8d33.tmp
07/30/2017  08:20 PM            51,336 aswa963ad6c67ba36cf.tmp
07/30/2017  08:21 PM            39,424 aswaab811d4ba658a10.tmp
07/30/2017  08:21 PM           353,744 aswab175d04dbf06be4.tmp
08/09/2017  08:24 PM           139,112 aswac5814d2fb02f353.tmp
07/30/2017  08:20 PM           192,584 aswad02600d546b7bf9.tmp
07/30/2017  08:20 PM            51,336 aswaea01014c0875482.tmp
07/30/2017  08:20 PM            51,336 aswb00f2e8111e82c1f.tmp
07/30/2017  08:20 PM           336,896 aswb1c17b2e61bb888a.tmp
07/30/2017  08:21 PM           102,792 aswb2084e82287b61b7.tmp
07/30/2017  08:20 PM           166,624 aswb2f36dd1fb0556e9.tmp
07/30/2017  08:20 PM           336,896 aswb40dd6b6c90fb84e.tmp
07/30/2017  08:21 PM            39,424 aswb5585aa9d768bca9.tmp
08/09/2017  08:24 PM           139,112 aswb5bd29f200810b97.tmp
08/09/2017  08:24 PM         1,008,288 aswb643507d7543be4c.tmp
08/09/2017  08:24 PM           139,112 aswb6aaf1803eb2419d.tmp
07/30/2017  08:20 PM           192,584 aswb73d6f7391f65c47.tmp
08/09/2017  08:24 PM           139,112 aswb78834d84981ffab.tmp
07/30/2017  08:20 PM           313,616 aswb7ea88d9b47d0d45.tmp
07/30/2017  08:20 PM           313,616 aswb99fc1f5c22d634a.tmp
07/30/2017  08:21 PM           353,744 aswba2ef0ddbde9d8b3.tmp
07/30/2017  08:21 PM           191,208 aswbac312f69ba81bd6.tmp
07/30/2017  08:20 PM            51,336 aswbc44f551fcf76c5e.tmp
07/30/2017  08:21 PM            39,424 aswbc4b949325b31c5f.tmp
08/09/2017  08:24 PM           139,112 aswbd4f4003242923de.tmp
07/30/2017  08:20 PM            51,336 aswbfb05df49d03394d.tmp
07/30/2017  08:20 PM           192,584 aswc05171dbe040ada9.tmp
08/09/2017  08:24 PM         1,008,288 aswc0571545ba90d2a7.tmp
08/09/2017  08:24 PM         1,008,288 aswc0660e352455a09a.tmp
07/30/2017  08:21 PM            76,832 aswc2b5efa3d2784867.tmp
07/30/2017  08:21 PM           102,792 aswc4406ac58de6e24a.tmp
07/30/2017  08:21 PM           191,208 aswc4c51974ffdaa030.tmp
07/30/2017  08:21 PM            76,832 aswc4d8e46a5c66914e.tmp
07/30/2017  08:21 PM           353,744 aswc559a25e564ce9d7.tmp
07/30/2017  08:20 PM           336,896 aswc5ba6a4e9b2de20e.tmp
07/30/2017  08:20 PM            51,336 aswc5f3623041a36d97.tmp
08/09/2017  08:24 PM           139,112 aswc63c807b2d39c5be.tmp
07/30/2017  08:21 PM            39,424 aswc65de6c0771c8dba.tmp
07/30/2017  08:21 PM           353,744 aswc71efd9c907f08bf.tmp
07/30/2017  08:21 PM           102,792 aswc743c439e325d320.tmp
08/09/2017  08:24 PM         1,008,288 aswc9e2c3d00983143d.tmp
07/30/2017  08:20 PM           336,896 aswca2ff41cae8db65c.tmp
07/30/2017  08:21 PM           102,792 aswcda7b336ed5773fc.tmp
07/30/2017  08:21 PM           578,048 aswce2555ddd1bcc855.tmp
07/30/2017  08:21 PM            76,832 aswce73c5b1f1df465f.tmp
07/30/2017  08:21 PM           578,048 aswcf64706528bc786f.tmp
07/30/2017  08:20 PM           313,616 aswcf6b6317a3f04465.tmp
08/09/2017  08:24 PM         1,008,288 aswd191670c0e673052.tmp
07/30/2017  08:21 PM            39,424 aswd4ec07859ab58f07.tmp
07/30/2017  08:20 PM           336,896 aswd58bfb6efbd395e2.tmp
07/30/2017  08:21 PM            76,832 aswd72834603a49e8e7.tmp
07/30/2017  08:21 PM           102,792 aswd75d33a52030fa54.tmp
07/30/2017  08:20 PM           192,584 aswd81e2235ef94247d.tmp
07/30/2017  08:21 PM            76,832 aswd952effc33704376.tmp
07/30/2017  08:20 PM           166,624 aswd9b2a8847b978f96.tmp
07/30/2017  08:20 PM           192,584 aswd9e1f2a22e1bb419.tmp
07/30/2017  08:20 PM           166,624 aswda7a6a0575ea2bd5.tmp
08/09/2017  08:24 PM           139,112 aswdb9a2f9eeae2cdbf.tmp
08/09/2017  08:24 PM           139,112 aswdbab60a50cccf3fc.tmp
07/30/2017  08:20 PM           313,616 aswdc52c94830f88dba.tmp
07/30/2017  08:21 PM           578,048 aswddca8856ac7c24f5.tmp
07/30/2017  08:20 PM           336,896 aswde0b3b8139bc8e43.tmp
07/30/2017  08:21 PM           102,792 aswdfbf597eef66a8e9.tmp
07/30/2017  08:20 PM           313,616 aswdff4b7ebd2e6044c.tmp
08/09/2017  08:24 PM           139,112 aswe0718b817aee919f.tmp
07/30/2017  08:20 PM            51,336 aswe0cdca2d425e7e52.tmp
07/30/2017  08:21 PM            76,832 aswe32dfebd38caa18d.tmp
07/30/2017  08:20 PM           192,584 aswe3979128dcf85ed9.tmp
07/30/2017  08:20 PM           336,896 aswe3ad287a7c0002ca.tmp
07/30/2017  08:20 PM            51,336 aswe3c3566eb9a0280a.tmp
07/30/2017  08:21 PM            39,424 aswe4b29193c2f96b9c.tmp
08/09/2017  08:24 PM         1,008,288 aswe58f1d948b14f2a4.tmp
08/09/2017  08:24 PM           139,112 aswe61f8221aa444187.tmp
07/30/2017  08:21 PM           353,744 aswe65dddcc3fff1188.tmp
07/30/2017  08:20 PM           336,896 aswe6ef9935aa8e9fac.tmp
07/30/2017  08:20 PM            51,336 aswe78a9cd604b4ff57.tmp
07/30/2017  08:21 PM           353,744 aswe7bbfe71de547b1a.tmp
08/09/2017  08:24 PM         1,008,288 aswe80bbaf6ca16e0f5.tmp
08/09/2017  08:24 PM           139,112 aswea6186fae33c564e.tmp
07/30/2017  08:21 PM           191,208 aswf1d39ba1a606befb.tmp
07/30/2017  08:21 PM            76,832 aswf21afe86f2cf0ca1.tmp
07/30/2017  08:21 PM           102,792 aswf2368a1a138fc451.tmp
07/30/2017  08:20 PM           192,584 aswf3833090da23ceb5.tmp
07/30/2017  08:21 PM           353,744 aswf407fc871d4b8466.tmp
07/30/2017  08:21 PM           353,744 aswf5547bf245e73936.tmp
07/30/2017  08:21 PM           102,792 aswf5558b2c44828b14.tmp
08/09/2017  08:24 PM         1,008,288 aswf65659399dd2717a.tmp
08/09/2017  08:24 PM         1,008,288 aswf6a53c8c7ce70194.tmp
07/30/2017  08:21 PM           102,792 aswf6acb38c09702a6f.tmp
07/30/2017  08:21 PM           578,048 aswf7079f37784dd676.tmp
07/30/2017  08:20 PM           336,896 aswf71cf9b4952b4626.tmp
07/30/2017  08:20 PM           192,584 aswf734220980c8b527.tmp
07/30/2017  08:20 PM           166,624 aswf87fa4e061f18de4.tmp
07/30/2017  08:20 PM           336,896 aswf903471c249f4b8b.tmp
07/30/2017  08:21 PM            39,424 aswf9366a7e54f04598.tmp
07/30/2017  08:20 PM           192,584 aswf9a597b9a8df622d.tmp
07/30/2017  08:21 PM            39,424 aswfa8558d9e4e2c284.tmp
07/30/2017  08:21 PM           353,744 aswfad06fd5fc7c5a94.tmp
07/30/2017  08:21 PM           102,792 aswfb43f6a0be8d2d4b.tmp
07/30/2017  08:20 PM            51,336 aswfbfb4484cc48fc4d.tmp
07/30/2017  08:21 PM           191,208 aswfc6f4c6a04302b0e.tmp
07/30/2017  08:21 PM            76,832 aswfcfaf1f25b021a52.tmp
07/30/2017  08:21 PM            39,424 aswfd20192e85e22219.tmp
07/30/2017  08:20 PM            51,336 aswff9bdd772cf2586d.tmp
07/16/2016  06:42 AM            28,160 asyncmac.sys
07/16/2016  06:41 AM            28,512 atapi.sys
07/16/2016  06:41 AM           191,840 ataport.sys
07/30/2017  08:21 PM           139,112 avgmonflt.sys.150146419923401
05/24/2017  10:09 PM           159,496 avgstm.sys.149568180476501
03/28/2017  12:36 AM            56,320 BasicDisplay.sys
06/03/2017  04:15 AM            41,472 BasicRender.sys
07/16/2016  06:41 AM            36,192 battc.sys
07/16/2016  06:41 AM             9,728 bcmfn.sys
07/16/2016  06:41 AM             9,728 bcmfn2.sys
07/16/2016  06:42 AM             9,728 beep.sys
11/02/2016  05:23 AM           101,888 bowser.sys
07/07/2017  01:49 AM           115,200 bridge.sys
07/16/2016  06:41 AM            22,016 BtaMPM.sys
07/16/2016  06:41 AM            43,008 BthAvrcpTg.sys
07/16/2016  06:41 AM            65,536 bthhfenum.sys
07/16/2016  06:41 AM            31,232 BthhfHid.sys
07/16/2016  06:41 AM            66,048 bthmodem.sys
07/16/2016  06:41 AM            38,912 buttonconverter.sys
07/16/2016  06:41 AM           533,856 bxvbda.sys
09/10/2016  08:21 AM           118,272 capimg.sys
07/16/2016  06:42 AM            92,160 cdfs.sys
07/16/2016  06:41 AM           173,056 cdrom.sys
07/16/2016  06:42 AM            76,640 CEA.sys
07/16/2016  06:41 AM           102,752 cht4dx64.sys
07/16/2016  06:41 AM           346,976 cht4sx64.sys
07/16/2016  06:41 AM         2,104,160 cht4vx64.sys
07/16/2016  06:41 AM            48,640 circlass.sys
03/04/2017  02:20 AM           379,744 Classpnp.sys
08/01/2017  02:29 PM           376,672 clfs.sys
09/07/2016  12:33 AM           681,304 ClipSp.sys
07/16/2016  06:41 AM            29,696 CmBatt.sys
09/15/2016  12:29 PM            23,392 cmimcext.sys
08/01/2017  02:21 PM           624,048 cng.sys
07/16/2016  06:42 AM            38,752 cnghwassist.sys
07/16/2016  06:42 AM            53,088 condrv.sys
10/14/2016  11:29 PM            79,200 crashdmp.sys
03/04/2017  02:15 AM            63,328 dam.sys
07/16/2016  06:41 AM            44,032 devauthe.sys
06/21/2017  01:58 AM           144,896 dfsc.sys
07/16/2016  06:41 AM           101,720 disk.sys
07/16/2016  06:42 AM            38,240 Diskdump.sys
07/16/2016  06:42 AM            14,336 Dmpusbstor.sys
07/16/2016  06:41 AM            35,840 dmvsc.sys
06/04/2013  10:42 AM           146,856 Dot4.sys
06/04/2013  10:42 AM            21,928 Dot4Prt.sys
06/04/2013  10:42 AM            43,944 Dot4usb.sys
08/12/2015  11:54 PM            53,752 dptf_cpu.sys
07/16/2016  06:41 AM            97,280 drmk.sys
07/16/2016  06:41 AM            16,168 drmkaud.sys
07/16/2016  06:42 AM            35,680 Dumpata.sys
07/16/2016  06:44 AM            89,560 dumpfve.sys
06/03/2017  04:54 AM           187,232 dumpsd.sys
07/16/2016  06:42 AM            31,744 dumpsdport.sys
07/12/2017  01:02 AM         2,186,592 dxgkrnl.sys
07/12/2017  01:02 AM           402,776 dxgmms1.sys
03/04/2017  02:09 AM           658,784 dxgmms2.sys
07/16/2016  06:42 AM            88,416 EhStorClass.sys
09/07/2016  12:29 AM           118,112 EhStorTcgDrv.sys
08/09/2017  08:09 PM    <DIR>          en-US
07/16/2016  06:41 AM            13,312 errdev.sys
08/12/2015  11:54 PM           261,624 esif_lf.sys
08/12/2016  04:43 AM    <DIR>          etc
07/16/2016  06:41 AM         3,418,976 evbda.sys
07/16/2016  06:42 AM           334,848 exfat.sys
11/11/2016  05:13 AM           352,096 fastfat.sys
07/16/2016  06:41 AM            32,256 fdc.sys
07/16/2016  06:42 AM            88,576 filecrypt.sys
07/16/2016  06:42 AM            85,344 fileinfo.sys
07/16/2016  06:42 AM            35,840 filetrace.sys
07/16/2016  06:41 AM            26,112 flpydisk.sys
07/16/2016  06:42 AM           377,696 fltMgr.sys
04/27/2017  07:44 PM            62,816 fsdepends.sys
07/16/2016  06:42 AM            31,584 fs_rec.sys
09/15/2016  12:15 PM           649,568 fvevol.sys
03/04/2017  02:17 AM           409,952 FWPKCLNT.SYS
07/16/2016  06:41 AM            20,480 genericusbfn.sys
07/16/2016  06:42 AM         3,440,660 gm.dls
07/16/2016  06:42 AM               646 gmreadme.txt
07/16/2016  06:42 AM             8,192 gpuenergydrv.sys
07/16/2016  06:41 AM            83,456 hdaudbus.sys
07/16/2016  06:41 AM            36,704 hidbatt.sys
07/16/2016  06:41 AM           108,032 hidbth.sys
10/14/2016  10:55 PM           156,672 hidclass.sys
07/16/2016  06:41 AM            51,200 hidi2c.sys
07/16/2016  06:41 AM            50,016 hidinterrupt.sys
07/16/2016  06:41 AM            46,592 hidir.sys
08/05/2016  10:46 PM            40,960 hidparse.sys
08/05/2016  10:47 PM            38,400 hidusb.sys
03/09/2016  07:39 AM            42,336 hpdskflt.sys
07/16/2016  06:41 AM            64,352 HpSAMD.sys
08/01/2017  02:13 PM         1,102,176 http.sys
08/05/2016  11:16 PM            73,568 hvservice.sys
03/04/2017  02:07 AM           110,944 hvsocket.sys
07/16/2016  06:42 AM            29,536 hwpolicy.sys
07/16/2016  06:41 AM            16,384 hyperkbd.sys
07/16/2016  06:41 AM           114,176 i8042prt.sys
07/16/2016  06:41 AM            33,280 iagpio.sys
07/16/2016  06:41 AM            81,408 iai2c.sys
07/16/2016  06:41 AM            64,512 iaLPSS2i_GPIO2.sys
07/16/2016  06:41 AM           176,384 iaLPSS2i_I2C.sys
07/16/2016  06:41 AM            38,128 iaLPSSi_GPIO.sys
07/16/2016  06:41 AM           113,152 iaLPSSi_I2C.sys
07/16/2016  06:41 AM           673,120 iaStorAV.sys
07/16/2016  06:41 AM           412,000 iaStorV.sys
07/16/2016  06:41 AM           526,176 ibbus.sys
01/13/2017  08:37 PM         7,969,752 igdkmd64.sys
07/16/2016  06:42 AM            35,840 IndirectKmd.sys
05/12/2016  06:32 AM           481,768 IntcDAud.sys
07/16/2016  06:41 AM            19,296 intelide.sys
06/09/2015  10:36 PM            88,256 IntelPcc.sys
07/16/2016  06:41 AM            48,152 intelpep.sys
07/16/2016  06:41 AM           134,144 intelppm.sys
11/02/2016  05:55 AM            48,992 iorate.sys
07/16/2016  06:42 AM            85,504 ipfltdrv.sys
03/04/2017  02:24 AM            90,976 IPMIDrv.sys
07/16/2016  06:42 AM           212,480 ipnat.sys
07/16/2016  06:42 AM           120,320 irda.sys
07/16/2016  06:42 AM            19,456 irenum.sys
07/16/2016  06:41 AM            22,880 isapnp.sys
07/16/2016  06:41 AM            62,304 kbdclass.sys
09/15/2016  11:43 AM            39,424 kbdhid.sys
07/16/2016  06:41 AM            25,088 kdnic.sys
03/04/2017  01:28 AM           394,752 ks.sys
08/01/2017  02:32 PM           133,984 ksecdd.sys
08/01/2017  02:25 PM           168,800 ksecpkg.sys
07/16/2016  06:42 AM            26,112 ksthunk.sys
07/16/2016  06:42 AM            66,048 lltdio.sys
07/16/2016  06:41 AM           108,896 lsi_sas.sys
07/16/2016  06:41 AM           105,824 lsi_sas2i.sys
07/16/2016  06:41 AM           101,216 lsi_sas3i.sys
07/16/2016  06:41 AM            82,776 lsi_sss.sys
07/16/2016  06:42 AM           125,952 luafv.sys
06/27/2017  12:06 PM            77,376 mbae64.sys
07/16/2016  06:42 AM            22,528 mcd.sys
07/16/2016  06:41 AM            59,744 megasas.sys
10/05/2016  05:09 AM            64,352 MegaSas2i.sys
07/16/2016  06:41 AM           575,840 megasr.sys
07/16/2016  06:41 AM           842,584 mlx4_bus.sys
07/16/2016  06:42 AM            48,128 mmcss.sys
11/11/2016  04:26 AM            42,496 modem.sys
07/16/2016  06:41 AM            38,400 monitor.sys
07/16/2016  06:41 AM            59,232 mouclass.sys
07/16/2016  06:41 AM            32,256 mouhid.sys
07/16/2016  06:42 AM           104,800 mountmgr.sys
07/16/2016  06:42 AM            75,776 mpsdrv.sys
10/05/2016  04:20 AM           143,872 mrxdav.sys
03/04/2017  02:08 AM           450,400 mrxsmb.sys
07/07/2017  01:39 AM           282,624 mrxsmb10.sys
07/12/2017  01:00 AM           223,072 mrxsmb20.sys
07/16/2016  06:42 AM            31,232 msfs.sys
10/30/2015  02:18 AM                 3 MsftWdf_Kernel_01017_Inbox_Critical.Wdf
07/16/2016  06:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
07/16/2016  06:42 AM                 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
07/16/2016  06:42 AM           168,800 msgpioclx.sys
07/16/2016  06:41 AM            50,528 msgpiowin32.sys
07/16/2016  06:42 AM             8,704 mshidkmdf.sys
07/16/2016  06:42 AM            11,776 mshidumdf.sys
07/16/2016  06:41 AM            18,784 msisadrv.sys
07/12/2017  12:56 AM           277,856 msiscsi.sys
03/04/2017  01:36 AM            27,136 mskssrv.sys
07/16/2016  06:42 AM            78,336 mslldp.sys
07/16/2016  06:42 AM            10,752 mspclock.sys
07/16/2016  06:42 AM            10,752 mspqm.sys
07/16/2016  06:42 AM           361,312 msrpc.sys
07/16/2016  06:41 AM            43,360 mssmbios.sys
07/16/2016  06:42 AM            12,800 mstee.sys
07/16/2016  06:41 AM            15,872 MTConfig.sys
06/21/2017  02:50 AM           126,304 mup.sys
07/16/2016  06:41 AM            63,840 mvumis.sys
07/16/2016  06:41 AM           108,896 ndfltr.sys
07/12/2017  01:09 AM         1,181,024 ndis.sys
07/16/2016  06:42 AM            50,176 ndiscap.sys
07/16/2016  06:42 AM           126,464 NdisImPlatform.sys
07/16/2016  06:42 AM            26,112 ndistapi.sys
07/16/2016  06:42 AM            63,488 ndisuio.sys
07/16/2016  06:42 AM            20,480 NdisVirtualBus.sys
07/16/2016  06:42 AM           189,440 ndiswan.sys
07/16/2016  06:42 AM            60,928 ndproxy.sys
07/16/2016  06:42 AM           125,440 Ndu.sys
07/16/2016  06:42 AM            90,624 NetAdapterCx.sys
07/16/2016  06:42 AM            57,184 netbios.sys
07/16/2016  06:42 AM           279,040 netbt.sys
07/07/2017  02:37 AM           468,320 netio.sys
07/16/2016  06:42 AM            68,608 npfs.sys
07/16/2016  06:41 AM            26,624 npsvctrig.sys
07/16/2016  06:42 AM            41,984 nsiproxy.sys
07/12/2017  01:13 AM         2,253,664 ntfs.sys
07/16/2016  06:43 AM            19,296 ntosext.sys
07/16/2016  06:42 AM             7,168 null.sys
07/16/2016  06:41 AM           150,368 nvraid.sys
07/16/2016  06:41 AM           166,240 nvstor.sys
03/04/2017  01:30 AM           535,552 nwifi.sys
07/12/2017  01:00 AM           160,608 pacer.sys
07/16/2016  06:41 AM            96,768 parport.sys
03/04/2017  02:20 AM           128,352 partmgr.sys
07/28/2013  01:24 PM           104,736 parzbhnh.sys
12/14/2016  12:18 AM           335,712 pci.sys
07/16/2016  06:41 AM            16,224 pciide.sys
07/16/2016  06:41 AM            52,576 pciidex.sys
07/16/2016  06:41 AM           118,112 pcmcia.sys
07/16/2016  06:42 AM            51,552 pcw.sys
07/07/2017  02:44 AM           108,896 pdc.sys
07/16/2016  06:42 AM           723,968 PEAuth.sys
07/16/2016  06:41 AM            58,720 percsas2i.sys
07/16/2016  06:41 AM            61,792 percsas3i.sys
07/16/2016  06:41 AM           366,592 portcls.sys
07/16/2016  06:41 AM           119,808 processr.sys
07/16/2016  06:42 AM            48,640 qwavedrv.sys
07/16/2016  06:42 AM            17,408 rasacd.sys
07/16/2016  06:42 AM           104,960 rasl2tp.sys
04/27/2017  07:03 PM            81,408 raspppoe.sys
07/16/2016  06:42 AM            96,256 raspptp.sys
07/16/2016  06:42 AM            77,824 rassstp.sys
04/27/2017  07:38 PM           431,968 rdbss.sys
07/16/2016  09:27 AM            26,112 rdpbus.sys
07/16/2016  09:27 AM           177,152 rdpdr.sys
07/16/2016  09:27 AM            29,536 rdpvideominiport.sys
07/16/2016  06:42 AM           267,104 rdyboost.sys
07/16/2016  06:42 AM           928,608 refsv1.sys
07/16/2016  06:42 AM            70,144 registry.sys
07/16/2016  06:41 AM            39,936 RfxVmt.sys
07/16/2016  06:42 AM           147,968 rmcast.sys
07/16/2016  06:42 AM            34,304 RNDISMP.sys
06/21/2017  02:03 AM            13,312 rootmdm.sys
07/16/2016  06:42 AM            81,408 rspndr.sys
07/16/2016  06:41 AM           589,824 rt640x64.sys
11/19/2015  10:38 AM         4,277,945 RTAIODAT.DAT
08/12/2016  04:30 AM            21,635 rtkhdasetting.zip
11/19/2015  01:23 PM         4,664,064 RTKVHD64.sys
05/03/2017  01:24 AM            40,263 rtldata.txt
05/03/2017  04:27 AM         6,804,480 rtwlane.sys
07/16/2016  06:41 AM           110,432 sbp2port.sys
07/16/2016  06:42 AM            43,008 scfilter.sys
06/21/2017  02:52 AM            88,416 scmbus.sys
07/12/2017  12:24 AM           124,928 scmdisk0101.sys
07/16/2016  06:42 AM           173,408 scsiport.sys
06/03/2017  05:16 AM           279,904 sdbus.sys
07/16/2016  06:42 AM            95,584 sdport.sys
07/12/2017  01:00 AM            95,584 sdstor.sys
07/16/2016  06:42 AM            74,592 SerCx.sys
07/16/2016  06:42 AM           151,904 SerCx2.sys
07/16/2016  06:41 AM            25,088 serenum.sys
07/16/2016  06:41 AM            83,968 serial.sys
07/16/2016  06:41 AM            27,648 sermouse.sys
08/04/2016  06:52 AM           313,096 SET9A17.tmp
07/16/2016  06:41 AM            18,432 sfloppy.sys
07/16/2016  06:41 AM            44,896 sisraid2.sys
07/16/2016  06:41 AM            81,760 sisraid4.sys
12/27/2016  03:38 AM            68,704 Smb_driver_AMDASF_Aux.sys
12/27/2016  03:38 AM            72,792 Smb_driver_Intel.sys
12/27/2016  03:38 AM            72,792 Smb_driver_Intel_Aux.sys
07/16/2016  06:42 AM            22,016 smclib.sys
08/01/2017  02:20 PM           557,408 spaceport.sys
07/16/2016  06:42 AM            79,200 SpbCx.sys
04/27/2017  06:51 PM           409,600 srv.sys
04/27/2017  06:51 PM           713,216 srv2.sys
09/06/2016  11:45 PM           248,320 srvnet.sys
07/16/2016  06:41 AM            31,072 stexstor.sys
03/04/2017  02:08 AM           130,912 storahci.sys
07/12/2017  01:17 AM            81,760 stornvme.sys
06/03/2017  04:49 AM           509,280 storport.sys
07/16/2016  06:42 AM            78,336 storqosflt.sys
07/16/2016  06:41 AM            32,096 storufs.sys
07/16/2016  06:41 AM            36,192 storvsc.sys
07/16/2016  06:42 AM            74,240 stream.sys
07/16/2016  06:41 AM            17,760 swenum.sys
12/27/2016  03:38 AM            66,144 SynRMIHID_Aux.sys
07/16/2016  06:41 AM            64,000 Synth3dVsc.sys
12/27/2016  03:38 AM           910,944 SynTP.sys
07/16/2016  06:42 AM            30,720 tape.sys
07/16/2016  06:42 AM            26,976 tbs.sys
08/01/2017  02:13 PM         2,532,192 tcpip.sys
07/07/2017  01:46 AM            52,224 tcpipreg.sys
07/16/2016  06:42 AM            40,288 tdi.sys
08/01/2017  02:27 PM           118,112 tdx.sys
12/19/2013  11:18 PM            99,288 TeeDriverx64.sys
07/16/2016  09:27 AM            38,752 terminpt.sys
06/03/2017  05:11 AM           128,864 tm.sys
11/11/2016  05:00 AM           219,488 tpm.sys
08/29/2017  11:22 PM            28,272 TrueSight.sys
07/16/2016  06:42 AM            61,440 TsUsbFlt.sys
07/16/2016  06:41 AM            34,304 TsUsbGD.sys
07/16/2016  06:42 AM           158,208 tunnel.sys
07/16/2016  06:41 AM            77,152 uaspstor.sys
07/16/2016  06:42 AM            95,744 UcmCx.sys
07/16/2016  06:42 AM           108,544 UcmTcpciCx.sys
07/16/2016  06:41 AM            50,688 UcmUcsi.sys
07/16/2016  06:42 AM           210,272 Ucx01000.sys
07/16/2016  06:42 AM            45,568 Udecx.sys
07/16/2016  06:42 AM           320,000 udfs.sys
07/16/2016  06:41 AM            28,512 uefi.sys
07/16/2016  06:42 AM           263,008 ufx01000.sys
07/16/2016  06:41 AM            96,608 UfxChipidea.sys
07/16/2016  06:41 AM           137,056 ufxsynopsys.sys
07/16/2016  06:41 AM            56,832 umbus.sys
11/05/2016  07:42 PM    <DIR>          UMDF
07/16/2016  06:41 AM            13,824 umpass.sys
07/16/2016  06:41 AM            28,512 urschipidea.sys
07/16/2016  06:42 AM            57,696 urscx01000.sys
07/16/2016  06:41 AM            27,488 urssynopsys.sys
07/16/2016  06:42 AM            23,040 usb8023.sys
07/16/2016  06:42 AM            36,864 USBCAMD2.sys
07/16/2016  06:41 AM           169,312 usbccgp.sys
07/16/2016  06:41 AM           102,400 usbcir.sys
07/16/2016  06:41 AM            32,608 usbd.sys
07/16/2016  06:41 AM            96,096 usbehci.sys
07/16/2016  06:41 AM           501,088 usbhub.sys
07/16/2016  06:41 AM           535,904 USBHUB3.SYS
07/16/2016  06:41 AM            30,208 usbohci.sys
07/16/2016  06:41 AM           455,520 usbport.sys
07/16/2016  06:41 AM            27,648 usbprint.sys
07/16/2016  06:43 AM            32,256 usbrpm.sys
07/16/2016  06:41 AM            69,120 usbser.sys
06/21/2017  02:36 AM           129,888 USBSTOR.SYS
07/16/2016  06:41 AM            35,328 usbuhci.sys
08/05/2016  10:44 PM           226,816 usbvideo.sys
06/03/2017  04:50 AM           381,792 USBXHCI.SYS
07/16/2016  06:41 AM            53,088 vdrvroot.sys
07/16/2016  06:42 AM           201,056 VerifierExt.sys
07/12/2017  01:01 AM           715,104 vhdmp.sys
07/16/2016  06:42 AM            32,256 vhf.sys
07/16/2016  06:42 AM            50,176 videoprt.sys
08/01/2017  02:20 PM            79,712 vmbkmcl.sys
08/01/2017  01:52 PM            80,896 vmbkmclr.sys
07/16/2016  06:41 AM           104,288 vmbus.sys
07/16/2016  06:41 AM            25,088 VMBusHID.sys
07/16/2016  06:41 AM            13,312 vmgencounter.sys
07/16/2016  06:41 AM            10,240 vmgid.sys
07/16/2016  06:41 AM             9,216 vms3cap.sys
07/16/2016  06:41 AM            46,944 vmstorfl.sys
07/16/2016  06:41 AM            80,224 volmgr.sys
07/16/2016  06:42 AM           367,456 volmgrx.sys
07/16/2016  06:42 AM           391,520 volsnap.sys
07/16/2016  06:41 AM            16,224 volume.sys
09/15/2016  12:29 PM            74,080 vpci.sys
07/16/2016  06:41 AM           166,752 vsmraid.sys
07/16/2016  06:41 AM           305,504 VSTXRAID.SYS
07/16/2016  06:42 AM            26,624 vwifibus.sys
07/16/2016  06:42 AM            73,216 vwififlt.sys
04/27/2017  07:02 PM            40,448 vwifimp.sys
07/16/2016  06:41 AM            30,208 wacompen.sys
07/16/2016  06:42 AM            79,872 wanarp.sys
07/16/2016  06:42 AM            56,320 watchdog.sys
09/15/2016  12:14 PM           119,648 wcifs.sys
07/12/2017  12:25 AM            66,560 wcnfs.sys
07/16/2016  06:43 AM            44,056 WdBoot.sys
07/16/2016  06:42 AM           861,296 Wdf01000.sys
08/12/2015  11:54 PM         1,807,544 WdfCoInstaller01011.dll
07/16/2016  06:43 AM           290,144 WdFilter.sys
07/16/2016  06:42 AM            61,040 WdfLdr.sys
06/21/2017  01:56 AM           719,872 WdiWiFi.sys
07/16/2016  06:43 AM           123,232 WdNisDrv.sys
07/16/2016  06:42 AM            39,776 werkernel.sys
07/12/2017  01:01 AM           156,000 wfplwfs.sys
07/16/2016  06:42 AM            35,680 wimmount.sys
07/16/2016  06:42 AM           107,032 WindowsTrustedRT.sys
07/16/2016  06:41 AM            17,944 WindowsTrustedRTProxy.sys
07/16/2016  06:42 AM            31,584 winhv.sys
09/15/2016  11:42 AM            51,712 winhvr.sys
07/16/2016  06:41 AM            32,096 winmad.sys
07/16/2016  06:41 AM            89,088 winusb.sys
07/16/2016  06:41 AM            64,864 winverbs.sys
04/14/2016  06:34 AM            31,656 WirelessButtonDriver64.sys
07/16/2016  06:41 AM            18,432 wmiacpi.sys
07/16/2016  06:42 AM            20,320 wmilib.sys
08/05/2016  11:29 PM           199,008 wof.sys
07/16/2016  06:44 AM            30,560 WpdUpFltr.sys
07/16/2016  06:42 AM            31,584 WppRecorder.sys
07/16/2016  06:42 AM            22,528 ws2ifsl.sys
07/16/2016  06:42 AM            99,328 WUDFPf.sys
07/16/2016  06:42 AM           216,064 WUDFRd.sys
03/04/2017  01:34 AM           258,560 xboxgip.sys
08/20/2016  12:20 AM            43,520 xinputhid.sys
             743 File(s)    191,751,086 bytes
               5 Dir(s)  540,713,914,368 bytes free

========= End of CMD: =========

==== End of Fixlog 18:36:42 ====



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 06 September 2017 - 06:50 PM

And now for the fun part.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depend on if you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well
Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

Attached Files


unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 09 September 2017 - 09:47 AM

Hi balistic-1,

Are you still with me?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 11 September 2017 - 07:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 11 September 2017 - 07:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:44 PM

Posted 11 September 2017 - 07:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users