Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bad certs, Hijack, Shell Worm Etc. My Gaming rig is BIOS/Boot kit.


  • This topic is locked This topic is locked
13 replies to this topic

#1 SomeTiredPerson

SomeTiredPerson

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 20 January 2018 - 11:50 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018 01
Ran by Someone (administrator) on DESKTOP-J4K9RUG (20-01-2018 20:25:46)
Running from C:\New folder
Loaded Profiles: Someone (Available Profiles: Someone)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 216.165.129.158 216.170.153.146
Tcpip\..\Interfaces\{1bdeb332-65c6-40e7-b41c-2796eb94d08a}: [DhcpNameServer] 216.165.129.158 216.170.153.146
Internet Explorer:
==================
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373696 2017-05-15] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-11-09] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-20] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7407040 2017-05-15] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7647232 2017-10-17] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [328920 2016-01-05] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [53848 2017-08-18] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-20] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-20] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-20] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
========================== Drivers MD5 =======================
C:\WINDOWS\System32\drivers\1394ohci.sys 08312DEEF0D3F8647AA53AD90A69094E
C:\WINDOWS\System32\drivers\3ware.sys 645009E711BBF117CCEE917A03FB0CDD
C:\WINDOWS\System32\drivers\ACPI.sys 69481E5474C7E61CDB3FE6A8A0F3B1B4
C:\WINDOWS\System32\drivers\AcpiDev.sys 44EA35A4B397898A83BF1B9B4B8DAE35
C:\WINDOWS\System32\Drivers\acpiex.sys 91D113A1532B8AB1E25B7DE5AB3C2F83
C:\WINDOWS\System32\drivers\acpipagr.sys 620BB2682BA625DF037072D89F44F6EE
C:\WINDOWS\System32\drivers\acpipmi.sys B9805A3C479390CEAEA5AEF5E4A90A2E
C:\WINDOWS\System32\drivers\acpitime.sys ABD4EB55C661143B015BD0B9B47B235C
C:\WINDOWS\System32\drivers\ADP80XX.SYS 8C58BD711FAD5F11E8CFDBC5CED973A5
C:\WINDOWS\system32\drivers\afd.sys 7AE4EBDC221235BF9E1008B515C0B8DB
C:\WINDOWS\System32\DRIVERS\ahcache.sys 56166D110D3ECFFC595E5FA02D9BA491
C:\WINDOWS\System32\drivers\amdk8.sys 62619E31AFF88F906A7E793AC4A9FF51
C:\WINDOWS\System32\drivers\amdppm.sys 735142DD039BEB35632765C41FC6E397
C:\WINDOWS\System32\drivers\amdsata.sys F1C16AABA27E9E153AEC7BD2AB853F30
C:\WINDOWS\System32\drivers\amdsbs.sys C834D0F1ECB8473E9E6D18EE1BCEECB2
C:\WINDOWS\System32\drivers\amdxata.sys 49203D2FFE30CBB36BE66A0E70F3D954
C:\WINDOWS\System32\drivers\appid.sys 3692C75C47285D388C886D162F54C430
C:\WINDOWS\System32\drivers\applockerfltr.sys 1E085E2302D568F0CE041732B3E887B0
C:\WINDOWS\System32\drivers\arcsas.sys B42C83DE28776B80DBA1310C56DD4F74
C:\WINDOWS\System32\drivers\asyncmac.sys C2151380227CD1F7DDA2401C1F151367
C:\WINDOWS\System32\drivers\atapi.sys 6191B9B2EE0E8CB957C683B9B341CC86
C:\WINDOWS\System32\drivers\bxvbda.sys A921805C1ED3253DF48FCA4D724173EB
C:\WINDOWS\System32\drivers\bam.sys 763CF81762483E244BAEB83DEFFC53F3
C:\WINDOWS\System32\drivers\BasicDisplay.sys 2A7267AA15E508F6D05A5B562F1FD1CE
C:\WINDOWS\System32\drivers\BasicRender.sys 2E1EE0F10FAF1250D1AC05BFB0E6BD3D
C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7
C:\Windows\System32\Drivers\Beep.sys EDDAA3A563E7EB71C991FE91249C7D81
C:\WINDOWS\System32\DRIVERS\bowser.sys D030A1203680D66716F4E74053468627
C:\WINDOWS\System32\drivers\BthAvrcpTg.sys A4863B7B1F0DB513D6E34547BACC211A
C:\WINDOWS\System32\drivers\BthEnum.sys 82BD96D56574231AD0E9BBF293EA2E7F
C:\WINDOWS\System32\drivers\bthhfenum.sys 9C9EE272C11252C651C5DE6A1AC1EDAA
C:\WINDOWS\System32\drivers\BthHFHid.sys 69734E386826ED857C889330F35B4D9C
C:\WINDOWS\system32\DRIVERS\bthl2cap.sys 338B8D45C7DFB03DB7957188E16C9661
C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys 47BF82E2A6D11279C8501E08518AB835
C:\WINDOWS\System32\drivers\bthmodem.sys A94AFAEA86F5F792BB4ECA095B231464
C:\WINDOWS\System32\drivers\bthpan.sys 4F58D8C265FFA943878CF7F922432847
C:\WINDOWS\system32\DRIVERS\BTHport.sys D970480A59C314CC344118D7B185D7E6
C:\WINDOWS\system32\DRIVERS\BTHUSB.sys 55C836530A9602255BFB4F5D9DA2B737
C:\WINDOWS\System32\drivers\bttflt.sys 39E7437FC59CDD7A303ABD514E462E8B
C:\WINDOWS\System32\drivers\buttonconverter.sys 522888590B0C19BC8128119060AE7901
C:\WINDOWS\System32\drivers\CAD.sys 2AB01CE5E233A6FBA3E91BD57772AA4B
C:\WINDOWS\System32\drivers\capimg.sys F6F97879F53AD57194C6BC8272FD73EA
C:\WINDOWS\System32\DRIVERS\cdfs.sys 9E82A95D77AC78C84BA75FF896B060BF
C:\WINDOWS\System32\drivers\cdrom.sys 6D83565C1652E80447EDEA6947FA89D7
C:\WINDOWS\System32\drivers\cht4sx64.sys D81954CE5E016FD716EDDB2B2FD9BA58
C:\WINDOWS\System32\drivers\cht4vx64.sys F9A8570805807FFD66488F0A858E1308
C:\WINDOWS\System32\drivers\circlass.sys 9798D58461706930190F1F2F6BF21D80
C:\WINDOWS\System32\drivers\cldflt.sys 3B5973C9D50DE90CEB6D7DC85216AA86
C:\WINDOWS\System32\drivers\CLFS.sys 59D46CE57A49353A733D162DBA65A4FA
C:\WINDOWS\System32\drivers\CmBatt.sys 2BA3BA38B5A6A667B0EAEC477276707B
C:\WINDOWS\System32\Drivers\cng.sys B3CC988A9D8B8EC66ED2B7B7B3413652
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys C65AF00EF12A1755E7CA370B0C71935D
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys A50300498D56B2448F3593D25478D508
C:\WINDOWS\System32\drivers\condrv.sys 65602B0DB49199647FECB2D1212147BE
C:\WINDOWS\System32\drivers\dam.sys 72BE43ABD786E86AAE7EA2193201E100
C:\WINDOWS\System32\Drivers\dfsc.sys 9910E9CFF5ECDCB225F82E72CE9DE459
C:\WINDOWS\System32\drivers\disk.sys 811173C821171BB910219E53C7FD97AD
C:\WINDOWS\System32\drivers\dmvsc.sys 569FE16775E15A49DC904DE20BF8CAA0
C:\WINDOWS\System32\drivers\dptf_acpi.sys 225C4E9280B2AE38DCAA5E2FEFC437C2
C:\WINDOWS\System32\drivers\dptf_cpu.sys 4DD17AA07FA0A75E79B47E5B7F18964D
C:\WINDOWS\System32\drivers\drmkaud.sys F4800922F4ABA619585CE320A72E6389
C:\WINDOWS\System32\drivers\dxgkrnl.sys 0DF6B436F579E1DD23C8EBD61EE749E8
C:\WINDOWS\System32\drivers\evbda.sys C99D40C97841E0A7F0F90B8629593A97
C:\WINDOWS\System32\drivers\EhStorClass.sys 260BBD6B1ED06298E509B452354EDB91
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys F3BEBDC1B9DBA32F183079EAE6244837
C:\WINDOWS\System32\drivers\errdev.sys 1B63CA857FD03FD0A5A1379F2996784F
C:\WINDOWS\system32\DRIVERS\esif_lf.sys A63C10A6A6B09FED00046DDD313C2CC1
C:\Windows\System32\Drivers\exfat.sys F1ACA42D448E3986565EA54275EEEA65
C:\Windows\System32\Drivers\fastfat.sys 0AF4B36754A6EAE794EE4398E219A9E1
C:\WINDOWS\System32\drivers\fdc.sys 7CD8426A33F06EB72BFEC51F7C264AF8
C:\WINDOWS\System32\drivers\filecrypt.sys DE51BBBCF358188F9736F031546F9908
C:\WINDOWS\System32\drivers\fileinfo.sys 822F664952B0F8D11BB6BD2F11779602
C:\WINDOWS\System32\drivers\filetrace.sys 5A4935682A0D47A4EAC4BE3C2ACF74D6
C:\WINDOWS\System32\drivers\flpydisk.sys 60641F22D1D38EAD197C25F0339C9712
C:\WINDOWS\System32\drivers\fltmgr.sys 56F9EAA7099159759B2F6C523007A13F
C:\WINDOWS\System32\drivers\FsDepends.sys 5D8A0E58E3F82583697E3F07052435AA
C:\Windows\System32\Drivers\Fs_Rec.sys BB82CC2F51F7C3D5DCD13FA3B040D8F8
C:\WINDOWS\System32\DRIVERS\fvevol.sys 69C669540A850553AF9589DB05A2A7D0
C:\WINDOWS\gdrv.sys 9AB9F3B75A2EB87FAFB1B7361BE9DFB3
C:\WINDOWS\System32\drivers\vmgencounter.sys 3B5DDF1061930A0A891FA63DB0CB878B
C:\WINDOWS\System32\drivers\genericusbfn.sys 8B34E3F794F652082D7E8AF112F71681
C:\WINDOWS\System32\Drivers\msgpioclx.sys 127C23F4720C8902A3AB0FEE12205317
C:\WINDOWS\System32\drivers\gpuenergydrv.sys C7DEA3458E50B691E69EFF0B47CBCCDB
C:\WINDOWS\System32\drivers\HDAudBus.sys 99A34FD1F6431A10D8C3BB50E170D0F2
C:\WINDOWS\System32\drivers\HidBatt.sys 2443FC6EEB9CF092B62127D867901B02
C:\WINDOWS\System32\drivers\hidbth.sys 205043CDC16ADE85E252DD54AE925161
C:\WINDOWS\System32\drivers\hidi2c.sys B521DDDC9038C066B1B957BF063A531A
C:\WINDOWS\System32\drivers\hidinterrupt.sys 5AC0EBFA76E93273A806176D3178E986
C:\WINDOWS\System32\drivers\hidir.sys 366AC0E05EBF5D5C375F65CD8BC7F0DF
C:\WINDOWS\System32\drivers\hidusb.sys 7CB54D02746024648FCE184FC3F941FF
C:\WINDOWS\System32\drivers\HpSAMD.sys 835FB95D85D362057A72D21A48C2C7F8
C:\WINDOWS\System32\drivers\HTTP.sys 717D6E92D0143BCC4C36976BFFD94753
C:\WINDOWS\System32\drivers\hvservice.sys 9F2CFC90306532866C62BDCDFD2532AA
C:\WINDOWS\System32\Drivers\mshwnclx.sys 3737FE486929AFC48F1D10677B698E52
C:\WINDOWS\System32\drivers\hwpolicy.sys 3C65EBF7F1BFD98426C355D66876ECEE
C:\WINDOWS\System32\drivers\hyperkbd.sys 7E00234C67A322988AFEA717D5609C9E
C:\WINDOWS\System32\drivers\HyperVideo.sys FBF5BB641DE99AE1DF4835E88D4F8993
C:\WINDOWS\System32\drivers\i8042prt.sys 56FF074E50F9042FD2856AB3418F4B18
C:\WINDOWS\System32\drivers\iagpio.sys B5EC43755E62591197DE5CBBDAA9FEB7
C:\WINDOWS\System32\drivers\iai2c.sys D8CA23F9C5FEF44296FDE1E005C06EC0
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 7B769C9D19C013F94874C4B15D59A005
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys E0F1B3A2A70FABE3BE1C9140BB55E607
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 89A869BCC0588A3009ECB875B09ECD39
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 2E693DF3C02A0859DB8DE25772751100
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys 435883A27A376B125BD4DF888417C85F
C:\WINDOWS\System32\drivers\iaStorV.sys 7118E4390C4ACDE61E280CE52BCAF44E
C:\WINDOWS\System32\drivers\ibbus.sys 9DBE8C359ABACE1BE1BBAB687D114506
C:\WINDOWS\system32\DRIVERS\ibtusb.sys 18F7B1E3C5DE1CC8B3D2BBF90F7350EF
C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys 254233E3FC59503A4B616A7ED47EAB3F
C:\WINDOWS\System32\drivers\IndirectKmd.sys 42CAF6216A6E516DC56BA319ACC7EEC5
C:\WINDOWS\system32\drivers\RTKVHD64.sys F36520B0C0832D8A9E04C3443468BD2B
C:\WINDOWS\system32\DRIVERS\IntcDAud.sys E300D1E37B737ED14F7A08CD5604E5D9
C:\WINDOWS\System32\drivers\intelide.sys 40943C1CD031ACE06A8374AD56B9E5EA
C:\WINDOWS\System32\drivers\intelpep.sys 327D9CCF5492543AEF3979F9EEAD02BE
C:\WINDOWS\System32\drivers\intelppm.sys 10F2757836F41BFAEA2AE19F6FE869B2
C:\WINDOWS\System32\drivers\invdimm.sys 8387E90B551B9B7F32EDC69909591E9E
C:\WINDOWS\System32\drivers\iorate.sys E207078E0E1BB3524277DB9077E4148E
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys FD8F64B7B345E539F2EA7F72846F83B4
C:\WINDOWS\System32\drivers\IPMIDrv.sys 8AAB863E72A4F9C578FED2EE3541545B
C:\WINDOWS\System32\drivers\ipnat.sys 7BEC2AF23F586EFF0DB4DBF4331B0C70
C:\WINDOWS\System32\drivers\ipt.sys 35A54F19E703D4FE5919F812F6CC5D0A
C:\WINDOWS\system32\drivers\irda.sys 359CDDBC825959DA28FA886B3C271B53
C:\WINDOWS\System32\drivers\irenum.sys F88664A2A82DDA456180FFF95A771765
C:\WINDOWS\System32\drivers\isapnp.sys 2296B158C43C306B0AC5B4D57EA9F0E1
C:\WINDOWS\System32\drivers\msiscsi.sys 2DC0765992CFECE3B13F3BFD20E69DCC
C:\WINDOWS\System32\drivers\kbdclass.sys E320F986BBE0CD9324EA0A193EBF29B1
C:\WINDOWS\System32\drivers\kbdhid.sys AFF5DDCC1A79217C9526FF5E01A69E89
C:\WINDOWS\System32\drivers\kdnic.sys 916E62AF3386F7A74603E5C545F6FF2D
C:\WINDOWS\System32\Drivers\ksecdd.sys 69FA8BEBADF807089FEFCD3F59CFAC1E
C:\WINDOWS\System32\Drivers\ksecpkg.sys C1081E2B36F77781167FD9401119B98E
C:\WINDOWS\system32\drivers\ksthunk.sys DD8C4726127CFE313233372D70787C37
C:\WINDOWS\System32\drivers\lltdio.sys CB5A6E117502156794F0DA9E61506006
C:\WINDOWS\System32\drivers\lsi_sas.sys 20048BEE892138A745B1C23EBB0E069F
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 9EAB16572B576979D585DDEDB12417CD
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 3B7B359C0870317106DF3438D4FF491D
C:\WINDOWS\System32\drivers\lsi_sss.sys 2DE03BA338A4B0ACDB416A30F1C7D56F
C:\WINDOWS\system32\drivers\luafv.sys 9A497169E145FCE2D8AA7DBC67377F64
C:\WINDOWS\System32\drivers\mausbhost.sys BF56CB9D02DEE8CA9CBA50220BE16F15
C:\WINDOWS\System32\drivers\mausbip.sys 01BDEE1FFF6D2216797DFEE4ABD937D9
C:\WINDOWS\System32\drivers\megasas.sys C7B8B5053D646CBD30BE1BA6B487D396
C:\WINDOWS\System32\drivers\MegaSas2i.sys EB8ED3204499DDB2D3BA094A4563EE3E
C:\WINDOWS\System32\drivers\megasr.sys F1C1D4E752DE1D58295040E5BE8813AF
C:\WINDOWS\System32\drivers\mlx4_bus.sys 16B078D1089FEA98710C9D07C152DCEE
C:\WINDOWS\system32\drivers\mmcss.sys 20C57CE47B1A877C48A4B68E9A4E21FA
C:\WINDOWS\System32\drivers\modem.sys A4467A5C080318F0CCCF5ED463821F8B
C:\WINDOWS\System32\drivers\monitor.sys 78BE85C1F1C7F3AF6C87BCE127007D5A
C:\WINDOWS\System32\drivers\mouclass.sys 8E262B34A8BD184B4B3025AA8C396B00
C:\WINDOWS\System32\drivers\mouhid.sys C094A555F148495EA130D3BBC5232D5E
C:\WINDOWS\System32\drivers\mountmgr.sys 6434BC884502E95EEA2379C92DD22B60
C:\WINDOWS\System32\drivers\mpsdrv.sys F36E4074C66DD31855A8D79EF0AE8066
C:\WINDOWS\system32\drivers\mrxdav.sys 215D672CB71987CD98EB2298EFB84DDC
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 34898F29BF0E9A84E183046318D17814
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys 6537678DEEA2A5B079052D75E21E46DA
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 87FF93E7420C9068C0D5B2F3109809F4
C:\WINDOWS\System32\drivers\bridge.sys 167408B38458ECAE545C57527BC99024
C:\Windows\System32\Drivers\Msfs.sys AE111778CA6AC08862B3C713F0413333
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6DDDFCAB646BBBCFC583135C4430E10F
C:\WINDOWS\System32\drivers\mshidkmdf.sys 01C6A86BEA8279E557A5056148F068BF
C:\WINDOWS\System32\drivers\mshidumdf.sys F65ABC7DE945047147F17330F79732CB
C:\WINDOWS\System32\drivers\msisadrv.sys 05B23012427801E710BDD12720B9020B
C:\WINDOWS\System32\drivers\MSKSSRV.sys B25B2CD3E052D68075A3814AAA0C6421
C:\WINDOWS\System32\drivers\mslldp.sys C3F5EA6B9041A30B4F11BE2E7863E487
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 601D666820F0408B896791D19BE6D258
C:\WINDOWS\System32\drivers\MSPQM.sys 46E61FBA0097E48E5628C74A3F72233A
C:\Windows\System32\Drivers\MsRPC.sys 4EB9B77179BDEE89C496E60D4BF85CC1
C:\WINDOWS\System32\drivers\mssmbios.sys CBD56E0B55FB3672BA80382EC2F8835C
C:\WINDOWS\System32\drivers\MSTEE.sys 5734B2A36D3BB13A638E5305EEEC582D
C:\WINDOWS\System32\drivers\MTConfig.sys 85270E0DC6907C6B99F72A36F17AED34
C:\WINDOWS\System32\Drivers\mup.sys DB5B1539F5EBB3DD3A7ED25ADBC4D6D9
C:\WINDOWS\System32\drivers\mvumis.sys 3C57FF3BCF496D24C39C2198158864BB
C:\WINDOWS\System32\DRIVERS\nwifi.sys 8A9CD53B0FBE679116638120CCBB201E
C:\WINDOWS\System32\drivers\ndfltr.sys 77B047B109CE758A017F58FAE5038D0D
C:\WINDOWS\System32\drivers\ndis.sys 7FF306C78B0DC31192657B47539D5688
C:\WINDOWS\System32\drivers\ndiscap.sys 067AE5BA349CC35AF8975D22DC483DDF
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 6FC4D7EB5D38CFB7966405036116F065
C:\WINDOWS\System32\DRIVERS\ndistapi.sys ED7CC4E16B76B2603C9F827188EA63B4
C:\WINDOWS\System32\drivers\ndisuio.sys 8D977AFC195A3F4B15B05D02B2BD0292
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys DC1D26D62F40B7552BCF49D92774F0C5
C:\WINDOWS\System32\drivers\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\NDProxy.sys 8ABF5B8D5839F8DAE2E0D3165AE732F6
C:\WINDOWS\System32\drivers\Ndu.sys A791792DC412CCD83DA0AF6871682552
C:\WINDOWS\System32\drivers\NetAdapterCx.sys BE79982A50AC88BC0765F3AFECFCB596
C:\WINDOWS\System32\drivers\netbios.sys E899D26A0C2555AC30ACDD526056E51F
C:\WINDOWS\System32\DRIVERS\netbt.sys 7FC54F2AF5EC52C7AC05AD90FFC757E6
C:\WINDOWS\System32\drivers\netvsc.sys 680EB4AEA08EAC80C384E90E430DF16D
C:\WINDOWS\System32\drivers\Netwtw04.sys 117446A20C33D5AF536D9F08907FBBB3
C:\Windows\System32\Drivers\Npfs.sys 84EB8F01B140618518AFF30B9951F132
C:\WINDOWS\System32\drivers\npsvctrig.sys 5CB8082E51DE7D19042F0FF8C517CB0D
C:\WINDOWS\System32\drivers\nsiproxy.sys 958921BB7AE2671983743FDA0DD587C4
C:\Windows\System32\Drivers\NTFS.sys E20EC8E25969ABD9F5FED6EDEA57EC0C
C:\Windows\System32\Drivers\Null.sys 0D1E03A5F87F4DE04D97622C686910A2
C:\WINDOWS\System32\drivers\nvdimmn.sys 532F27A2B62D70C327E763F035AED6C1
C:\WINDOWS\System32\drivers\nvraid.sys 7E04652EB1A476BC0A72ECDC613AF0C5
C:\WINDOWS\System32\drivers\nvstor.sys 880B3E874914DAEF97119876543AE117
C:\WINDOWS\System32\drivers\parport.sys 2E07EC2C1622F5E7B535D62DCD61F3AB
C:\WINDOWS\System32\drivers\partmgr.sys 023DDF9DE429B2E6F0BADA72AA98EF8B
C:\WINDOWS\System32\drivers\pci.sys 9BF965EE361849567DB1664BEDFA9569
C:\WINDOWS\System32\drivers\pciide.sys E5AF806815ED797086629741F29E4156
C:\WINDOWS\System32\drivers\pcmcia.sys 2A631D447B988AFBE847CBAA8E5CC298
C:\WINDOWS\System32\drivers\pcw.sys ACD510CF2B631A2D36B2CFB7D31E22FD
C:\WINDOWS\System32\drivers\pdc.sys 1796112EB89559910BC18865A29C8894
C:\WINDOWS\System32\drivers\peauth.sys F21127EDE5D72090A1B029AFF4AFFD17
C:\WINDOWS\System32\drivers\percsas2i.sys 35FD028E4323018202C0B7D115FD3AEF
C:\WINDOWS\System32\drivers\percsas3i.sys F9F3D8BE9BC9241CC726197261362AC4
C:\WINDOWS\System32\drivers\pmem.sys 36D43EA5517F3F4AAAC8EE061C957EF1
C:\WINDOWS\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86
C:\WINDOWS\System32\drivers\raspptp.sys AACA74DEF7BE3DED322411787494878B
C:\WINDOWS\System32\drivers\processr.sys B1111C47F128C946BDC87A18E44007EB
C:\WINDOWS\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F
C:\WINDOWS\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A
C:\WINDOWS\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A
C:\WINDOWS\System32\DRIVERS\rasacd.sys F57D1DE0C9522BCD590A69D044641B5A
C:\WINDOWS\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F
C:\WINDOWS\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5
C:\WINDOWS\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8
C:\WINDOWS\System32\DRIVERS\rdbss.sys 4525664EFB5EB71D4B155405F78D93DB
C:\WINDOWS\System32\drivers\rdpbus.sys 8A5285B38A203D15110E142DE68406DD
C:\WINDOWS\System32\drivers\rdpdr.sys DF83769C92527DB50653F8FB57D001FF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE
C:\WINDOWS\System32\drivers\rdyboost.sys 12AF835862F2B6B2FB9DEA8BA2288587
C:\Windows\System32\Drivers\ReFS.sys FB0577F6BC9E07549CEACF5224327499
C:\Windows\System32\Drivers\ReFSv1.sys 4136BCA61BCDCC79DCE145F9CB639CD6
C:\WINDOWS\System32\drivers\rfcomm.sys 5BF7698021DB13B55753FD921BEBE318
C:\WINDOWS\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB
C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys CA864D504A5E56AF84A491B4AA1F8A98
C:\WINDOWS\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A
C:\WINDOWS\System32\drivers\vms3cap.sys F0FA6B67B16EEFDEF8E8AFAD47A4F9B8
C:\WINDOWS\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D
C:\WINDOWS\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE
C:\WINDOWS\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7
C:\WINDOWS\System32\drivers\sdbus.sys 0FB6CCFA52FE5AD0B8D86E8AB370EF34
C:\WINDOWS\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0
C:\WINDOWS\System32\drivers\sdstor.sys C289832A3174DC9D393C7603C511DF79
C:\WINDOWS\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5
C:\WINDOWS\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412
C:\WINDOWS\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC
C:\WINDOWS\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD
C:\WINDOWS\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F
C:\WINDOWS\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1
C:\WINDOWS\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF
C:\WINDOWS\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5
C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys 0AB5FBC526DC0CBE9033CE78284C7201
C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys ADFE78C4F1A328EC5BEC6EB4BC41EF06
C:\WINDOWS\System32\drivers\spaceport.sys B2ABF0F8A49752B5CD9DEE2EADF7416A
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys CCECE7E96B4F7B0E9F0FC82F6DADA917
C:\WINDOWS\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A
C:\WINDOWS\System32\DRIVERS\srv2.sys 41181D890542EB0E8D9822F73F9FD5D7
C:\WINDOWS\System32\DRIVERS\srvnet.sys 43480B3EE4D23F5AA8EE7C6D83B09487
C:\WINDOWS\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156
C:\WINDOWS\System32\drivers\storahci.sys DD1F00B80DDD12252B7B228ABCE181A9
C:\WINDOWS\System32\drivers\vmstorfl.sys A12CFAAA0F113A25D8CEFE58B1CBB207
C:\WINDOWS\System32\drivers\stornvme.sys B6F8D1FA73F6E102AEA60D2BBD1DDF78
C:\WINDOWS\System32\drivers\storqosflt.sys 57377953F5688158054BC8CB5A243115
C:\WINDOWS\System32\drivers\storufs.sys B59D29E535AF7E82717C2AD2C57EEC67
C:\WINDOWS\System32\drivers\storvsc.sys 9B431079624306B5659B3B7208A71C75
C:\WINDOWS\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\WINDOWS\System32\drivers\Synth3dVsc.sys AB15F9FDCD11D5283891BC956E8C5C95
C:\WINDOWS\System32\drivers\SynTP.sys 347F4B8DC1CAA234474AE79BF5207E2B
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\WINDOWS\system32\DRIVERS\tdx.sys 571D82ABAC428D902ACA0CF60373C039
C:\WINDOWS\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\WINDOWS\System32\drivers\tpm.sys 1658D060057C85DEC82BFCB018C4C22F
C:\WINDOWS\System32\drivers\tsusbflt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\WINDOWS\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\WINDOWS\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\WINDOWS\System32\drivers\TXEIx64.sys 2CC59847A4E1B1829114C2607BA38794
C:\WINDOWS\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\WINDOWS\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\WINDOWS\System32\drivers\UcmUcsi.sys 149CBBB74DFC3E52F242029A27B0F8EB
C:\WINDOWS\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\WINDOWS\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\WINDOWS\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\WINDOWS\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC
C:\WINDOWS\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\WINDOWS\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\WINDOWS\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\WINDOWS\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\WINDOWS\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\WINDOWS\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\WINDOWS\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\WINDOWS\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\WINDOWS\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\WINDOWS\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\WINDOWS\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\WINDOWS\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\WINDOWS\System32\drivers\UsbHub3.sys 4FA9C956E569D0D380C2859542361780
C:\WINDOWS\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\WINDOWS\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\WINDOWS\System32\drivers\usbser.sys 913CFF365DB1803525DBD2AA8B8188B4
C:\WINDOWS\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\WINDOWS\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\WINDOWS\System32\Drivers\usbvideo.sys 68788AE61B2E6A7D97CAD73B632F5BF5
C:\WINDOWS\System32\drivers\USBXHCI.SYS 41E5A6188180DC72BCECA999ED2532D4
C:\WINDOWS\System32\drivers\vdrvroot.sys C77C537077822D8EA529AD4EBFD971D6
C:\WINDOWS\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\WINDOWS\System32\drivers\vhdmp.sys 9240C24121E3A581F8BC198413AEA06E
C:\WINDOWS\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\WINDOWS\System32\drivers\vmbus.sys 079B4378614A40A308F9C721A50C7B87
C:\WINDOWS\System32\drivers\VMBusHID.sys DC9E0600B356258E31403789119C78A9
C:\WINDOWS\System32\drivers\vmgid.sys B24F74B2710B66F647419697BDB9E163
C:\WINDOWS\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\WINDOWS\System32\drivers\volmgr.sys C9052650BBF2124CD525A26D5C2A6671
C:\WINDOWS\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\WINDOWS\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\WINDOWS\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\WINDOWS\System32\drivers\vpci.sys 702273C7C1BE9D366BAF1305D382F03C
C:\WINDOWS\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\WINDOWS\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\WINDOWS\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\WINDOWS\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\WINDOWS\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03
C:\WINDOWS\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\system32\drivers\wcifs.sys 520E4FD6B5BF5349DD1499F2AEFB7C50
C:\WINDOWS\system32\drivers\wcnfs.sys 9DE3FDFF295F2534DF0A8B6FC4F06355
C:\WINDOWS\System32\drivers\wd\WdBoot.sys 16D3F1C6CB3D6BBFDF4893C7A14D6F12
C:\WINDOWS\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\WINDOWS\System32\drivers\wd\WdFilter.sys 64EB43131121ADD90A061A75C8ADE9E6
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 2D50C46EFE924BC24F63A45D2DB1AA3A
C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys BE3C9DF77543C78004C400B1CAFCAB49
C:\WINDOWS\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\WINDOWS\System32\drivers\wfplwfs.sys 8E101DF42D36E04EC610581BA478B38F
C:\WINDOWS\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 0484B0D01EA6F7017519EBDDBADE759D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\WINDOWS\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\WINDOWS\System32\drivers\winnat.sys EABEF39BBEEDB3845C36893931DADCD1
C:\WINDOWS\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6
C:\WINDOWS\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys 569FB3D619213F226CBB60F9CB8FE1BD
C:\WINDOWS\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935
C:\WINDOWS\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\WINDOWS\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\WINDOWS\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-20 20:25 - 2018-01-20 20:25 - 000000000 ____D C:\FRST
2018-01-20 20:24 - 2018-01-20 20:25 - 000000000 ____D C:\New folder
2018-01-20 20:05 - 2018-01-20 20:05 - 000001872 _____ C:\Users\Someone\Desktop\Rkill.txt
2018-01-20 19:49 - 2018-01-20 19:52 - 000000000 ____D C:\AdwCleaner
2018-01-20 19:48 - 2018-01-20 19:48 - 008206624 _____ (Malwarebytes) C:\Users\Someone\Downloads\AdwCleaner.exe
2018-01-20 19:36 - 2018-01-20 19:36 - 000003786 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-01-20 19:35 - 2018-01-20 19:35 - 000000000 ____D C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-01-20 19:35 - 2018-01-20 19:35 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-01-20 19:34 - 2018-01-20 19:36 - 000194667 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-01-20 18:09 - 2018-01-20 18:09 - 000000000 ____D C:\Users\Someone\AppData\Roaming\Macromedia
2018-01-20 17:31 - 2018-01-20 17:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-20 16:03 - 2018-01-20 16:03 - 000000000 ____D C:\Users\Someone\AppData\Local\DBG
2018-01-20 14:15 - 2018-01-20 14:15 - 000000000 ____D C:\Users\Someone\AppData\Local\Microsoft_Corporation
2018-01-20 12:53 - 2018-01-20 12:53 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-01-20 11:56 - 2018-01-20 11:52 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-20 11:53 - 2018-01-20 11:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-20 11:53 - 2018-01-20 11:53 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-20 11:53 - 2018-01-20 11:53 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-20 11:47 - 2018-01-20 17:26 - 000026192 ____N (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2018-01-20 11:41 - 2018-01-20 11:41 - 000000000 ____D C:\Users\Someone\AppData\Local\Downloaded Installations
2018-01-20 11:40 - 2018-01-20 17:29 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2018-01-20 11:40 - 2018-01-20 17:28 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2018-01-20 11:40 - 2015-06-02 10:50 - 000005120 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\acpimof_ocpanel.dll
2018-01-20 10:51 - 2018-01-20 10:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-912802712-2140372985-3276877459-1001
2018-01-20 10:14 - 2018-01-20 10:27 - 000000000 ____D C:\Users\Someone\AppData\Local\PlaceholderTileLogoFolder
2018-01-20 10:13 - 2018-01-20 10:13 - 000000000 ____D C:\Users\Someone\AppData\Local\Comms
2018-01-20 10:01 - 2018-01-20 10:01 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-912802712-2140372985-3276877459-1001
2018-01-20 09:59 - 2018-01-20 17:34 - 000000000 ___RD C:\Users\Someone\OneDrive
2018-01-20 09:59 - 2018-01-20 10:01 - 000002369 _____ C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-20 09:58 - 2018-01-20 09:58 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-01-20 09:56 - 2018-01-20 11:12 - 000000000 ____D C:\Users\Someone\AppData\Local\Packages
2018-01-20 09:56 - 2018-01-20 10:21 - 000000000 ____D C:\Users\Someone\AppData\Local\Publishers
2018-01-20 09:56 - 2018-01-20 09:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-20 09:56 - 2018-01-20 09:56 - 000000000 ___RD C:\Users\Someone\3D Objects
2018-01-20 09:56 - 2018-01-20 09:56 - 000000000 ___HD C:\Users\Someone\MicrosoftEdgeBackups
2018-01-20 09:56 - 2018-01-20 09:56 - 000000000 ____D C:\Users\Someone\AppData\Roaming\Synaptics
2018-01-20 09:56 - 2018-01-20 09:56 - 000000000 ____D C:\Users\Someone\AppData\Roaming\Adobe
2018-01-20 09:56 - 2018-01-20 09:56 - 000000000 ____D C:\Users\Someone\AppData\Local\VirtualStore
2018-01-20 09:56 - 2018-01-20 09:56 - 000000000 ____D C:\Users\Someone\AppData\Local\MicrosoftEdge
2018-01-20 09:56 - 2018-01-20 09:56 - 000000000 ____D C:\Users\Someone\AppData\Local\ConnectedDevicesPlatform
2018-01-20 09:55 - 2018-01-20 09:59 - 000000000 ____D C:\Users\Someone
2018-01-20 09:55 - 2018-01-20 09:55 - 000000020 ___SH C:\Users\Someone\ntuser.ini
2018-01-20 08:45 - 2018-01-20 08:45 - 000000000 ____D C:\ProgramData\USOShared
2018-01-20 08:39 - 2018-01-20 17:30 - 000883434 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-20 08:36 - 2018-01-20 08:36 - 000000000 ____D C:\ProgramData\Synaptics
2018-01-20 08:36 - 2017-09-29 05:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-01-20 08:35 - 2018-01-20 08:35 - 000000000 _SHDL C:\Users\Default User
2018-01-20 08:35 - 2018-01-20 08:35 - 000000000 _SHDL C:\Users\All Users
2018-01-20 08:35 - 2018-01-20 08:35 - 000000000 _SHDL C:\Documents and Settings
2018-01-20 08:31 - 2018-01-20 08:31 - 000003222 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_Session
2018-01-20 08:31 - 2018-01-20 08:31 - 000002058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2018-01-20 08:30 - 2018-01-20 17:25 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-20 08:30 - 2018-01-20 12:53 - 000000000 ____D C:\Intel
2018-01-20 08:30 - 2018-01-20 08:30 - 000077175 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-01-20 08:30 - 2018-01-20 08:30 - 000003194 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\ProgramData\SRS Labs
2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\Program Files\Realtek
2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\Program Files\Intel
2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-01-20 08:30 - 2017-05-15 00:55 - 000103912 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-01-20 08:30 - 2017-05-15 00:55 - 000099816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-01-20 08:29 - 2018-01-20 17:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-20 08:29 - 2018-01-20 14:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-20 08:29 - 2018-01-20 11:40 - 000000000 ____D C:\Program Files (x86)\Intel
2018-01-20 08:29 - 2018-01-20 08:29 - 000222832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-20 08:29 - 2018-01-20 08:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2018-01-20 08:29 - 2018-01-20 08:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2018-01-20 08:29 - 2018-01-20 08:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2018-01-20 08:29 - 2018-01-20 08:29 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-01-20 08:18 - 2018-01-20 08:18 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-01-20 08:17 - 2018-01-20 08:18 - 000000000 ____D C:\Windows.old
2018-01-20 08:17 - 2018-01-20 08:17 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-01-20 08:16 - 2018-01-20 08:16 - 000000000 ____D C:\Program Files\Synaptics
2018-01-20 08:14 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\Setup
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-01-20 08:11 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-01-20 08:11 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-01-20 08:11 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-01-20 08:11 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-01-20 08:11 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-01-20 08:11 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-01-20 08:11 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-01-20 08:11 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-01-20 08:11 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-01-20 08:11 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-01-20 08:11 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-01-20 08:11 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\OCR
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\system32\0409
2018-01-20 08:10 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-01-20 08:08 - 2017-12-22 05:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-01-20 08:08 - 2017-12-22 05:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-20 08:04 - 2018-01-20 19:35 - 000000000 ___RD C:\Program Files (x86)
2018-01-20 08:04 - 2018-01-20 17:32 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-20 08:04 - 2018-01-20 11:12 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-20 08:04 - 2018-01-20 11:12 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-20 08:04 - 2018-01-20 08:45 - 000000000 ____D C:\ProgramData\USOPrivate
2018-01-20 08:04 - 2018-01-20 08:36 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-01-20 08:04 - 2018-01-20 08:36 - 000000000 ____D C:\WINDOWS\system32\spool
2018-01-20 08:04 - 2018-01-20 08:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-01-20 08:04 - 2018-01-20 08:33 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-01-20 08:04 - 2018-01-20 08:31 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-01-20 08:04 - 2018-01-20 08:31 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-01-20 08:04 - 2018-01-20 08:18 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-20 08:04 - 2018-01-20 08:14 - 000000000 ____D C:\Program Files\Windows Defender
2018-01-20 08:04 - 2018-01-20 08:11 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\system32\setup
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\system32\com
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\IME
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\Help
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\Program Files\Common Files\system
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-01-20 08:04 - 2018-01-20 08:10 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 __RSD C:\WINDOWS\media
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 __RHD C:\Users\Public\Libraries
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\Web
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\Vss
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\tracing
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\TAPI
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SystemResources
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SystemApps
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\ras
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\IME
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\ias
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\System
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SKB
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\security
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\schemas
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\SchCache
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\Resources
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\rescache
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\Registration
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\PLA
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\Performance
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\InputMethod
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\Globalization
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\Cursors
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\Branding
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\appcompat
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\addins
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\Program Files\Windows Security
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\Program Files\windows nt
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\Program Files\Common Files\Services
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-01-20 08:04 - 2018-01-20 08:04 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-01-20 08:04 - 2018-01-20 08:01 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-01-20 08:04 - 2018-01-20 08:01 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-01-20 08:04 - 2018-01-20 08:01 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-01-20 08:04 - 2018-01-20 08:01 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-01-20 08:04 - 2018-01-20 08:01 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2018-01-20 08:04 - 2018-01-20 08:01 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-01-20 08:04 - 2018-01-20 08:01 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2018-01-20 08:04 - 2018-01-20 08:01 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-01-20 08:04 - 2018-01-20 08:01 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2018-01-20 08:04 - 2018-01-20 08:01 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-01-20 08:04 - 2018-01-20 08:01 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-01-20 08:04 - 2018-01-20 08:01 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-01-20 08:04 - 2018-01-20 08:01 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2018-01-20 08:04 - 2018-01-20 08:01 - 000000219 _____ C:\WINDOWS\system.ini
2018-01-20 08:04 - 2018-01-20 08:01 - 000000092 _____ C:\WINDOWS\win.ini
2018-01-20 08:01 - 2018-01-20 12:53 - 000000000 ____D C:\WINDOWS\INF
2018-01-20 07:56 - 2018-01-20 08:55 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-20 07:55 - 2018-01-20 17:24 - 080478208 _____ C:\WINDOWS\system32\config\SYSTEM
2018-01-20 07:55 - 2018-01-20 17:24 - 069992448 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-01-20 07:55 - 2018-01-20 17:24 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2018-01-20 07:55 - 2018-01-20 17:24 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-20 07:55 - 2018-01-20 17:24 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2018-01-20 07:55 - 2018-01-20 08:35 - 000000000 ____D C:\WINDOWS\Panther
2018-01-20 07:55 - 2018-01-20 08:29 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-20 07:55 - 2018-01-20 08:10 - 000000000 ____D C:\WINDOWS\servicing
2018-01-20 07:55 - 2018-01-20 08:08 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2018-01-20 07:55 - 2018-01-20 08:04 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-01-20 07:45 - 2018-01-20 08:18 - 000000000 ___HD C:\$SysReset
2018-01-16 14:11 - 2017-08-18 02:23 - 000055384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2018-01-16 14:11 - 2017-08-18 02:23 - 000053848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF.sys
2018-01-16 13:59 - 2018-01-01 04:50 - 005905752 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-16 13:59 - 2018-01-01 04:49 - 008605080 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-16 13:59 - 2018-01-01 04:48 - 007831760 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-16 13:59 - 2018-01-01 04:41 - 007676296 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-16 13:59 - 2018-01-01 04:38 - 003904808 ____N (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-16 13:59 - 2018-01-01 04:34 - 007385088 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-16 13:59 - 2018-01-01 04:23 - 021352144 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-16 13:59 - 2018-01-01 03:45 - 006092152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-16 13:59 - 2018-01-01 03:42 - 006479552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-16 13:59 - 2018-01-01 03:37 - 025247232 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-16 13:59 - 2018-01-01 03:24 - 003668480 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-16 13:59 - 2018-01-01 03:20 - 019337216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-16 13:59 - 2018-01-01 03:20 - 018917888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-16 13:59 - 2018-01-01 03:19 - 008014848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-16 13:59 - 2018-01-01 03:17 - 011923968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-16 13:59 - 2018-01-01 03:15 - 012687872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-16 13:59 - 2018-01-01 03:15 - 006029312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-16 13:59 - 2018-01-01 03:14 - 023655936 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-16 13:59 - 2018-01-01 03:13 - 013657600 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-16 13:59 - 2018-01-01 03:13 - 012830208 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 008108544 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 004748288 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 003165696 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-16 13:59 - 2017-12-07 14:10 - 006466048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-01-16 13:59 - 2017-12-07 14:02 - 007545344 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-01-16 13:59 - 2017-11-26 12:35 - 017084416 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-01-16 13:59 - 2017-11-26 12:32 - 021754368 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-01-16 13:59 - 2017-11-26 05:29 - 003010720 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-01-16 13:59 - 2017-11-26 05:29 - 002573208 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-01-16 13:59 - 2017-11-26 05:27 - 002446744 ____N (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-01-16 13:59 - 2017-11-26 05:23 - 001694224 ____N (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-01-16 13:59 - 2017-11-26 04:18 - 003186688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-01-16 13:59 - 2017-11-26 04:08 - 017159680 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-01-16 13:59 - 2017-11-26 04:04 - 002596352 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-01-16 13:59 - 2017-11-26 04:03 - 002783744 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-01-16 13:59 - 2017-11-26 03:59 - 004814848 ____N (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-01-16 13:59 - 2017-11-26 03:01 - 002339296 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-01-16 13:59 - 2017-11-26 02:36 - 013703168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-01-16 13:59 - 2017-11-26 02:28 - 004249600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-01-16 13:59 - 2017-11-18 23:35 - 003331520 ____N C:\WINDOWS\system32\Windows.Mirage.dll
2018-01-16 13:59 - 2017-11-18 18:20 - 002491112 ____N C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-01-16 13:59 - 2017-10-24 20:27 - 006791472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-01-16 13:59 - 2017-10-24 20:20 - 002717392 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-01-16 13:59 - 2017-10-24 19:22 - 006015200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-01-16 13:59 - 2017-10-24 19:22 - 002465848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-01-16 13:59 - 2017-10-24 19:13 - 002972672 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-01-16 13:59 - 2017-10-09 22:49 - 001554216 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-01-16 13:58 - 2018-01-01 09:15 - 000956416 ____N (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-16 13:58 - 2018-01-01 04:54 - 000924648 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-16 13:58 - 2018-01-01 04:53 - 001090984 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-16 13:58 - 2018-01-01 04:52 - 000066712 ____N (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-16 13:58 - 2018-01-01 04:51 - 001414784 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-16 13:58 - 2018-01-01 04:51 - 001209240 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-16 13:58 - 2018-01-01 04:51 - 001055128 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-16 13:58 - 2018-01-01 04:51 - 000191816 ____N (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-16 13:58 - 2018-01-01 04:51 - 000059800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-16 13:58 - 2018-01-01 04:50 - 000780464 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-16 13:58 - 2018-01-01 04:50 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-16 13:58 - 2018-01-01 04:50 - 000077208 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-16 13:58 - 2018-01-01 04:49 - 000599448 ____N (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-16 13:58 - 2018-01-01 04:49 - 000319352 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-16 13:58 - 2018-01-01 04:49 - 000292376 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-16 13:58 - 2018-01-01 04:48 - 001954048 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-16 13:58 - 2018-01-01 04:48 - 000382360 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-16 13:58 - 2018-01-01 04:47 - 000649304 ____N (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-16 13:58 - 2018-01-01 04:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-16 13:58 - 2018-01-01 04:46 - 002709704 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-16 13:58 - 2018-01-01 04:46 - 000898216 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-16 13:58 - 2018-01-01 04:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-16 13:58 - 2018-01-01 04:46 - 000471960 ____N (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-16 13:58 - 2018-01-01 04:45 - 002395032 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-16 13:58 - 2018-01-01 04:45 - 001277848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-16 13:58 - 2018-01-01 04:45 - 000398744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-16 13:58 - 2018-01-01 04:43 - 001173576 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-16 13:58 - 2018-01-01 04:43 - 000367336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-16 13:58 - 2018-01-01 04:43 - 000062872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-16 13:58 - 2018-01-01 04:42 - 001029016 ____N (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-16 13:58 - 2018-01-01 04:42 - 000494488 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000184984 ____N (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-16 13:58 - 2018-01-01 04:41 - 000559512 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-16 13:58 - 2018-01-01 04:41 - 000549552 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-16 13:58 - 2018-01-01 04:40 - 001206680 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-16 13:58 - 2018-01-01 04:39 - 000902416 ____N (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-16 13:58 - 2018-01-01 04:39 - 000677784 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-16 13:58 - 2018-01-01 04:39 - 000508264 ____N (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-16 13:58 - 2018-01-01 04:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-16 13:58 - 2018-01-01 04:39 - 000129432 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000727448 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000519152 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-16 13:58 - 2018-01-01 04:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000038808 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-16 13:58 - 2018-01-01 04:37 - 001426664 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-16 13:58 - 2018-01-01 04:37 - 000461720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-16 13:58 - 2018-01-01 04:36 - 000413888 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-16 13:58 - 2018-01-01 04:36 - 000374032 ____N (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-16 13:58 - 2018-01-01 04:36 - 000166296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-16 13:58 - 2018-01-01 04:36 - 000113560 ____N (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-16 13:58 - 2018-01-01 04:36 - 000057752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-16 13:58 - 2018-01-01 04:35 - 001170008 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-16 13:58 - 2018-01-01 04:35 - 000075160 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 001336344 ____N (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 000260896 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 000087384 ____N (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-16 13:58 - 2018-01-01 04:33 - 002773400 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-16 13:58 - 2018-01-01 04:33 - 000603920 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-16 13:58 - 2018-01-01 04:32 - 004481240 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-16 13:58 - 2018-01-01 04:32 - 000617304 ____N (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-16 13:58 - 2018-01-01 04:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-16 13:58 - 2018-01-01 04:27 - 000163736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-16 13:58 - 2018-01-01 04:26 - 000428952 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-16 13:58 - 2018-01-01 04:26 - 000081304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-16 13:58 - 2018-01-01 04:25 - 000615768 ____N (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-16 13:58 - 2018-01-01 04:25 - 000147864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-16 13:58 - 2018-01-01 04:21 - 001103768 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-16 13:58 - 2018-01-01 04:21 - 000614296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-16 13:58 - 2018-01-01 04:06 - 000311192 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000777904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000650328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-16 13:58 - 2018-01-01 04:03 - 000566664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000123512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-16 13:58 - 2018-01-01 03:53 - 001615712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-16 13:58 - 2018-01-01 03:49 - 000481464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-16 13:58 - 2018-01-01 03:49 - 000258808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-16 13:58 - 2018-01-01 03:46 - 003485392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-16 13:58 - 2018-01-01 03:46 - 000289816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 005615968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 002192624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 000450928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-16 13:58 - 2018-01-01 03:43 - 020286120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 004644912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 001246432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 001003152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000982528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000386424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000129184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000074992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-16 13:58 - 2018-01-01 03:34 - 000703568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 002905600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-16 13:58 - 2018-01-01 03:25 - 001008640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000475648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000097792 ____N C:\WINDOWS\system32\runexehelper.exe
2018-01-16 13:58 - 2018-01-01 03:24 - 000240640 ____N (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000202240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000096256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000038912 ____N (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 001313792 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000561152 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-16 13:58 - 2018-01-01 03:23 - 000250368 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000232960 ____N (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-16 13:58 - 2018-01-01 03:23 - 000121344 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000080384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-16 13:58 - 2018-01-01 03:23 - 000047104 ____N (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-16 13:58 - 2018-01-01 03:22 - 000031744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-16 13:58 - 2018-01-01 03:22 - 000025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-16 13:58 - 2018-01-01 03:22 - 000017408 ____N (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000268288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000233984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000080896 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000062976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000524288 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000459776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000397824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000225792 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000215552 ____N (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000212992 ____N (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000204288 ____N (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000186368 ____N (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000175616 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000134656 ____N (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000104960 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000082432 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000035328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000795136 ____N (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000675328 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000461312 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000450048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000430080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000416768 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-16 13:58 - 2018-01-01 03:19 - 000369152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000365568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000340480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-16 13:58 - 2018-01-01 03:19 - 000334848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000316928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-16 13:58 - 2018-01-01 03:19 - 000188416 ____N (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000174592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000149504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000142848 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000097792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000093696 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000079872 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000073216 ____N (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-16 13:58 - 2018-01-01 03:19 - 000063488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000043008 ____N (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000748032 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000699904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000465920 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000436224 ____N (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000431616 ____N (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000427008 ____N (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000425984 ____N (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000391168 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000380928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000374784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000369664 ____N (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000343040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000276480 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000261632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000210944 ____N (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000144896 ____N (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000082944 ____N (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 006564864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 001485312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000791552 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000616960 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000594432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000568832 ____N (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000559104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000555520 ____N (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000542208 ____N (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000423936 ____N (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000341504 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000228352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-16 13:58 - 2018-01-01 03:17 - 000112640 ____N (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 005833216 ____N (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 004839424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 003676672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000966656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000956928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000831488 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000815616 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000812544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000720896 ____N (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000668160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000664576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000624128 ____N (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000594944 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000463360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000401920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000235008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000086528 ____N (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000076288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 002349568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 001657856 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 001245184 ____N (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000970240 ____N (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000951808 ____N (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000756736 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000434176 ____N (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000258560 ____N (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 002465280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001495040 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001097728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001003008 ____N (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000985600 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000917504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000870912 ____N (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 003121664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 002869760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 002013184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-16 13:58 - 2018-01-01 03:13 - 001559552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 001474560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 000897024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 002633216 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 002208768 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001573376 ____N (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001547776 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001424896 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 000760320 ____N (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-16 13:58 - 2018-01-01 03:12 - 000464384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 003334144 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 002082304 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-16 13:58 - 2018-01-01 03:11 - 001822208 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001816576 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001597952 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001343488 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001231872 ____N (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000880640 ____N (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000812032 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000715776 ____N (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-16 13:58 - 2018-01-01 03:10 - 003126272 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-16 13:58 - 2018-01-01 03:10 - 002528256 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-16 13:58 - 2018-01-01 03:10 - 000012800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 001487872 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000925184 ____N (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000666624 ____N (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000599552 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000963072 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000726016 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-16 13:58 - 2018-01-01 03:08 - 000685056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000505344 ____N (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-16 13:58 - 2018-01-01 03:06 - 000018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 002510848 ____N (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 001160704 ____N (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 000050176 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-16 13:58 - 2017-12-07 22:52 - 000666112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-01-16 13:58 - 2017-12-07 15:34 - 001925296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-01-16 13:58 - 2017-12-07 15:34 - 001634288 ____N (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-01-16 13:58 - 2017-12-07 15:28 - 000710912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-01-16 13:58 - 2017-12-07 15:28 - 000630752 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2018-01-16 13:58 - 2017-12-07 15:27 - 004504456 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-01-16 13:58 - 2017-12-07 15:26 - 000525208 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-01-16 13:58 - 2017-12-07 15:24 - 000705944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-01-16 13:58 - 2017-12-07 15:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-01-16 13:58 - 2017-12-07 15:24 - 000246168 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 001003104 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 000979352 ____N (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 000137544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-01-16 13:58 - 2017-12-07 15:16 - 001776272 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-01-16 13:58 - 2017-12-07 15:15 - 000721592 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-01-16 13:58 - 2017-12-07 15:12 - 000401304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2018-01-16 13:58 - 2017-12-07 14:56 - 001528904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-01-16 13:58 - 2017-12-07 14:55 - 001490328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-01-16 13:58 - 2017-12-07 14:55 - 000097144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-01-16 13:58 - 2017-12-07 14:37 - 001145104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-01-16 13:58 - 2017-12-07 14:36 - 000769096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2018-01-16 13:58 - 2017-12-07 14:33 - 000747416 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-01-16 13:58 - 2017-12-07 14:33 - 000592280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-01-16 13:58 - 2017-12-07 14:31 - 001522176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-01-16 13:58 - 2017-12-07 14:12 - 000101376 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2018-01-16 13:58 - 2017-12-07 14:10 - 000150528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-01-16 13:58 - 2017-12-07 14:10 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 001663488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 000235520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 000147456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-01-16 13:58 - 2017-12-07 14:09 - 000143360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-01-16 13:58 - 2017-12-07 14:09 - 000136704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000514560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000206336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000254976 ____N (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000246272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000172544 ____N (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-01-16 13:58 - 2017-12-07 14:06 - 000676352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-01-16 13:58 - 2017-12-07 14:06 - 000174080 ____N (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2018-01-16 13:58 - 2017-12-07 14:06 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-01-16 13:58 - 2017-12-07 14:05 - 001670656 ____N (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000559616 ____N (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000539136 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000481792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000363008 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000306688 ____N (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000222208 ____N (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-01-16 13:58 - 2017-12-07 14:05 - 000019456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2018-01-16 13:58 - 2017-12-07 14:04 - 001498112 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-01-16 13:58 - 2017-12-07 14:04 - 001321472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 001230848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000841728 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000308736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000085504 ____N (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 002864640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 002117632 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 000496640 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 004592640 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 001980928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 000601088 ____N (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 000021504 ____N (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2018-01-16 13:58 - 2017-12-07 14:00 - 001509888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-01-16 13:58 - 2017-12-07 13:59 - 002105856 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-01-16 13:58 - 2017-12-07 13:59 - 001666048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-01-16 13:58 - 2017-12-07 13:59 - 001058304 ____N (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 003478016 ____N (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 003211776 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 001353728 ____N (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-01-16 13:58 - 2017-12-07 13:56 - 002666496 ____N (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2018-01-16 13:58 - 2017-12-07 13:56 - 001739264 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-01-16 13:58 - 2017-12-07 13:54 - 001570816 ____N (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-01-16 13:58 - 2017-11-26 12:15 - 000882688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-01-16 13:58 - 2017-11-26 08:43 - 000618496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-01-16 13:58 - 2017-11-26 05:45 - 001642520 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-01-16 13:58 - 2017-11-26 05:45 - 000264040 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-01-16 13:58 - 2017-11-26 05:45 - 000198888 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-01-16 13:58 - 2017-11-26 05:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-01-16 13:58 - 2017-11-26 05:38 - 001636376 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-01-16 13:58 - 2017-11-26 05:32 - 000373656 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-01-16 13:58 - 2017-11-26 05:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-01-16 13:58 - 2017-11-26 05:30 - 001488792 ____N (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000891800 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-01-16 13:58 - 2017-11-26 05:29 - 000840440 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000749976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-01-16 13:58 - 2017-11-26 05:29 - 000703536 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000436120 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 001259344 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 001012120 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 000495000 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-01-16 13:58 - 2017-11-26 05:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-01-16 13:58 - 2017-11-26 05:27 - 002412168 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-16 13:58 - 2017-11-26 05:27 - 000464408 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-01-16 13:58 - 2017-11-26 05:27 - 000230296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-01-16 13:58 - 2017-11-26 05:26 - 000048112 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-01-16 13:58 - 2017-11-26 05:23 - 001054280 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-01-16 13:58 - 2017-11-26 05:23 - 000754688 ____N (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-01-16 13:58 - 2017-11-26 05:22 - 000404888 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-01-16 13:58 - 2017-11-26 05:21 - 001585376 ____N (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-01-16 13:58 - 2017-11-26 05:21 - 000654048 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-01-16 13:58 - 2017-11-26 04:57 - 001664000 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 001289216 ____N (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000329728 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000301056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000211456 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-01-16 13:58 - 2017-11-26 04:55 - 000175104 ____N (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000084992 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-01-16 13:58 - 2017-11-26 04:54 - 000327680 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-01-16 13:58 - 2017-11-26 04:54 - 000092160 ____N (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-16 13:58 - 2017-11-26 04:47 - 002890240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-01-16 13:58 - 2017-11-26 04:43 - 000239104 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000169472 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000168448 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000041472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2018-01-16 13:58 - 2017-11-26 04:35 - 000170496 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2018-01-16 13:58 - 2017-11-26 04:35 - 000057856 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-01-16 13:58 - 2017-11-26 04:34 - 000126464 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2018-01-16 13:58 - 2017-11-26 04:33 - 000361984 ____N (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2018-01-16 13:58 - 2017-11-26 04:31 - 000529408 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-01-16 13:58 - 2017-11-26 04:31 - 000115200 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-01-16 13:58 - 2017-11-26 04:29 - 000474112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2018-01-16 13:58 - 2017-11-26 04:29 - 000238080 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-01-16 13:58 - 2017-11-26 04:28 - 000394752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-01-16 13:58 - 2017-11-26 04:26 - 000830464 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2018-01-16 13:58 - 2017-11-26 04:26 - 000770048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-01-16 13:58 - 2017-11-26 04:26 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 001425408 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000516096 ____N (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000354304 ____N (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000292864 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000266752 ____N (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-01-16 13:58 - 2017-11-26 04:19 - 001167360 ____N (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-01-16 13:58 - 2017-11-26 04:19 - 000887296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-01-16 13:58 - 2017-11-26 04:19 - 000059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2018-01-16 13:58 - 2017-11-26 04:18 - 000556544 ____N (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-01-16 13:58 - 2017-11-26 04:17 - 001054720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-01-16 13:58 - 2017-11-26 04:05 - 000462336 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-01-16 13:58 - 2017-11-26 04:04 - 003578368 ____N (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-01-16 13:58 - 2017-11-26 04:03 - 004772352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-01-16 13:58 - 2017-11-26 04:00 - 000899584 ____N (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-01-16 13:58 - 2017-11-26 03:59 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-01-16 13:58 - 2017-11-26 03:58 - 000151040 ____N (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2018-01-16 13:58 - 2017-11-26 03:48 - 000534528 ____N (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2018-01-16 13:58 - 2017-11-26 03:48 - 000079360 ____N (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2018-01-16 13:58 - 2017-11-26 03:21 - 001474680 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-01-16 13:58 - 2017-11-26 03:21 - 001432816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-01-16 13:58 - 2017-11-26 03:02 - 001124760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000791960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-01-16 13:58 - 2017-11-26 03:01 - 000746904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000590944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000506256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000354200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-01-16 13:58 - 2017-11-26 03:00 - 001990160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-16 13:58 - 2017-11-26 03:00 - 000353848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-01-16 13:58 - 2017-11-26 02:58 - 001148216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-01-16 13:58 - 2017-11-26 02:58 - 001057824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-01-16 13:58 - 2017-11-26 02:51 - 001558856 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-01-16 13:58 - 2017-11-26 02:51 - 000661664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 002393600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 001470976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000372224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000065536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-16 13:58 - 2017-11-26 02:40 - 000160256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-01-16 13:58 - 2017-11-26 02:38 - 000271872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2018-01-16 13:58 - 2017-11-26 02:37 - 000098304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000444928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000351232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000315392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000557056 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000293888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000242176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-01-16 13:58 - 2017-11-26 02:31 - 000660480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-01-16 13:58 - 2017-11-26 02:31 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-01-16 13:58 - 2017-11-26 02:30 - 004385280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-01-16 13:58 - 2017-11-26 02:30 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-01-16 13:58 - 2017-11-26 02:29 - 000823808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-01-16 13:58 - 2017-11-26 02:24 - 000614912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2018-01-16 13:58 - 2017-11-26 02:24 - 000068096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2018-01-16 13:58 - 2017-10-25 01:11 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2018-01-16 13:58 - 2017-10-24 20:41 - 000362176 ____N (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2018-01-16 13:58 - 2017-10-24 20:40 - 000612760 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-01-16 13:58 - 2017-10-24 20:40 - 000269696 ____N C:\WINDOWS\system32\FaceProcessorCore.dll
2018-01-16 13:58 - 2017-10-24 20:39 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2018-01-16 13:58 - 2017-10-24 20:37 - 000610712 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-01-16 13:58 - 2017-10-24 20:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-01-16 13:58 - 2017-10-24 20:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-01-16 13:58 - 2017-10-24 20:29 - 002269080 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 20:29 - 001507736 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-01-16 13:58 - 2017-10-24 20:27 - 001970520 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001454568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001377080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001015008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000975872 ____N C:\WINDOWS\system32\FaceProcessor.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000135168 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000095744 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-01-16 13:58 - 2017-10-24 19:16 - 000227328 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-01-16 13:58 - 2017-10-24 19:16 - 000114688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2018-01-16 13:58 - 2017-10-24 19:14 - 000046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2018-01-16 13:58 - 2017-10-24 19:12 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-01-16 13:58 - 2017-10-24 19:11 - 000768512 ____N (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-01-16 13:58 - 2017-10-24 19:09 - 001806336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-01-16 13:58 - 2017-10-24 19:08 - 000654848 ____N (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2018-01-16 13:58 - 2017-10-24 19:08 - 000487424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-01-16 13:58 - 2017-10-24 19:07 - 000064512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2018-01-16 13:58 - 2017-10-24 19:05 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2018-01-16 13:58 - 2017-10-24 19:04 - 000124928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2018-01-16 13:58 - 2017-10-24 19:04 - 000041984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2018-01-16 13:58 - 2017-10-24 19:02 - 000591872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-01-16 13:58 - 2017-10-24 18:58 - 001280000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2018-01-16 13:58 - 2017-10-24 18:54 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2018-01-16 13:58 - 2017-10-19 21:08 - 000339968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-01-16 13:58 - 2017-10-09 23:11 - 000739696 ____N (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-01-16 13:58 - 2017-10-09 22:54 - 001463856 ____N (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-01-16 13:58 - 2017-10-09 22:49 - 000060824 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2018-01-16 13:58 - 2017-10-09 22:43 - 000418712 ____N (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2018-01-16 13:58 - 2017-10-09 22:31 - 001323840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-01-16 13:58 - 2017-10-09 22:11 - 000597160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-01-16 13:58 - 2017-10-09 22:07 - 001261864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-01-16 13:58 - 2017-10-09 22:06 - 000353688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2018-01-16 13:58 - 2017-10-09 21:43 - 000566272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2018-01-16 13:58 - 2017-10-09 21:43 - 000070656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2018-01-16 13:58 - 2017-10-09 21:42 - 000326144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2018-01-16 13:58 - 2017-10-09 21:34 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-01-16 13:58 - 2017-10-09 21:34 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-01-16 13:58 - 2017-10-09 21:33 - 000086016 ____N (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2018-01-16 13:58 - 2017-10-09 21:33 - 000058880 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2018-01-16 13:58 - 2017-10-09 21:31 - 000665088 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2018-01-16 13:58 - 2017-10-09 21:31 - 000478208 ____N (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2018-01-16 13:58 - 2017-10-09 21:30 - 000442880 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2018-01-16 13:58 - 2017-10-09 21:24 - 000285696 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-01-16 13:58 - 2017-10-03 14:42 - 000640512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2018-01-16 13:58 - 2017-10-03 14:42 - 000008704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2018-01-16 12:47 - 2016-01-05 17:50 - 000328920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2018-01-16 12:47 - 2015-12-18 10:06 - 004330200 _____ (TODO: <Company name>) C:\WINDOWS\RtCRU64.exe
2018-01-16 12:47 - 2014-10-20 17:50 - 000083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2018-01-16 12:47 - 2014-01-27 13:39 - 009890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 001804688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01011.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 001392792 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\esif_uf.exe
2018-01-16 12:42 - 2015-10-30 02:32 - 000971944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 000668840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 000260072 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\esif_lf.sys
2018-01-16 12:42 - 2015-10-30 02:31 - 000055784 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_acpi.sys
2018-01-16 12:42 - 2015-10-30 02:31 - 000052200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_cpu.sys
2017-11-09 01:55 - 2017-11-09 01:55 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000532368 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000166192 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 003410320 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 003121112 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000986992 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-11-09 01:45 - 2017-11-09 01:45 - 000866632 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 003562432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 003509192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 001351232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 001016920 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000691672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000526280 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000387304 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000321704 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000088336 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-11-09 01:34 - 2017-11-09 01:34 - 001617728 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-11-09 01:34 - 2017-11-09 01:34 - 001529128 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-11-09 01:33 - 2017-11-09 01:33 - 000609384 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-11-09 01:33 - 2017-11-09 01:33 - 000115120 _____ (Conexant System, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-11-09 01:27 - 2017-11-09 01:27 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-11-09 01:27 - 2017-11-09 01:27 - 003205592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-11-09 01:27 - 2017-11-09 01:27 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-11-09 01:26 - 2017-11-09 01:26 - 072520704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-11-09 01:26 - 2017-11-09 01:26 - 006033832 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-11-09 01:26 - 2017-11-09 01:26 - 002922976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-11-09 01:26 - 2017-11-09 01:26 - 000023680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-11-09 01:25 - 2017-11-09 01:25 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-11-09 01:01 - 2017-11-09 01:01 - 014848602 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-11-09 01:01 - 2017-11-09 01:01 - 000005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-11-09 01:01 - 2017-11-09 01:01 - 000003780 _____ C:\WINDOWS\system32\cxapo.prop
==================== Three Months Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

Some files in TEMP:
====================
2018-01-20 11:41 - 2016-10-06 00:02 - 000023472 _____ () C:\Users\Someone\AppData\Local\Temp\InstUpd.exe
2018-01-20 11:41 - 2016-11-16 02:56 - 001729080 _____ (GIGABYTE) C:\Users\Someone\AppData\Local\Temp\setup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== BCD ================================
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {4a678cf4-fb02-11e7-95eb-806e6f6e6963}
                        {4a678cf3-fb02-11e7-95eb-806e6f6e6963}
timeout                 20
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {79eb2a3b-fdfd-11e7-ba67-cdaa986dae52}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0
Firmware Application (101fffff)
-------------------------------
identifier              {4a678cf3-fb02-11e7-95eb-806e6f6e6963}
description             EFI USB Device
Firmware Application (101fffff)
-------------------------------
identifier              {4a678cf4-fb02-11e7-95eb-806e6f6e6963}
description             Internal Hard Disk or Solid State Disk
Windows Boot Loader
-------------------
identifier              {254aa7c9-f984-11e7-b26a-ce11479db281}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{254aa7ca-f984-11e7-b26a-ce11479db281}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  PushButtonReset
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{254aa7ca-f984-11e7-b26a-ce11479db281}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {254aa7c9-f984-11e7-b26a-ce11479db281}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {79eb2a3b-fdfd-11e7-ba67-cdaa986dae52}
nx                      OptIn
bootmenupolicy          Standard
Resume from Hibernate
---------------------
identifier              {79eb2a3b-fdfd-11e7-ba67-cdaa986dae52}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {254aa7c9-f984-11e7-b26a-ce11479db281}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
EMS Settings
------------
identifier              {emssettings}
bootems                 No
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local
RAM Defects
-----------
identifier              {badmemory}
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
Device options
--------------
identifier              {254aa7ca-f984-11e7-b26a-ce11479db281}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

LastRegBack: 2018-01-20 08:29
==================== End of FRST.txt ============================

 

 

 

 

 

 

 

 

 

 

Users shortcut scan result (x64) Version: 17.01.2018 01
Ran by Someone (20-01-2018 20:28:41)
Running from C:\New folder
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Someone\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Someone\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Someone\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Someone\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Someone\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Someone ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\Links\Desktop.lnk -> C:\Users\Someone\Desktop ()
Shortcut: C:\Users\Someone\Links\Downloads.lnk -> C:\Users\Someone\Downloads ()
Shortcut: C:\Users\Someone\Links\Home Cloud.lnk -> C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\ShareFolder\Short ()
Shortcut: C:\Users\Someone\Links\OneDrive.lnk -> C:\Users\Someone\OneDrive ()
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Someone\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Open Windows Repair (WR) Tray Icon.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Tweaking.com)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe (Tweaking.com)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Windows Repair Help.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\help\windows_repair.chm ()
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) ->  /LAUNCH_BY_STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Uninstall Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Someone\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

InternetURL: C:\Users\Someone\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
==================== End of Shortcut.txt =============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Someone (20-01-2018 20:28:00)
Running from C:\New folder
Windows 10 Home Version 1709 16299.192 (X64) (2018-01-20 16:35:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-912802712-2140372985-3276877459-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-912802712-2140372985-3276877459-503 - Limited - Disabled)
Guest (S-1-5-21-912802712-2140372985-3276877459-501 - Limited - Enabled)
Someone (S-1-5-21-912802712-2140372985-3276877459-1001 - Administrator - Enabled) => C:\Users\Someone
WDAGUtilityAccount (S-1-5-21-912802712-2140372985-3276877459-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Microsoft OneDrive (HKU\S-1-5-21-912802712-2140372985-3276877459-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.29092 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.12 - Tweaking.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {24715694-D349-4391-8E4A-18198E5B600E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {4DFE3645-7865-49E0-9DB8-D4E2C749E31B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {64B733E3-CC74-4DAD-840C-47691FD2C633} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {7D1D8518-6EB9-4412-B90B-ABFD866D598F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {B5ECA21C-4B27-4DCD-A009-D9EB18E1E75E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2017-11-09] (Realtek Semiconductor)
Task: {BCBA83B3-7C2A-4CC6-A58C-95FD36CDB909} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {C109907E-2D6E-4036-BBD2-6FAD358DAD1F} - System32\Tasks\S-1-5-21-912802712-2140372985-3276877459-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {F5768C84-713A-43F1-9846-6B675C64999C} - System32\Tasks\RtHDVBg_Session => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-11-09] (Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-16 13:59 - 2017-11-26 04:23 - 011044864 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-01-16 13:59 - 2017-11-26 04:01 - 001804288 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-29 05:41 - 2017-09-29 05:41 - 000030208 ____N () C:\WINDOWS\system32\Windows.WARP.JITService.exe
2018-01-20 10:00 - 2018-01-20 10:00 - 000102088 _____ () C:\Users\Someone\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-01-20 08:04 - 2018-01-20 08:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-912802712-2140372985-3276877459-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 216.165.129.158 - 216.170.153.146
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{E90CDB9C-3F87-45BC-9B88-67BE617C7EC6}] => (Allow) LPort=9009
FirewallRules: [{4BEB1127-935C-4C03-B6C7-41E97CEE3891}] => (Allow) LPort=9009
FirewallRules: [{EA63073C-1117-4B82-8B2A-7A8E6870E2A6}] => (Allow) LPort=9009
FirewallRules: [{14CA7948-A4AD-402D-A1AB-B5FB33870764}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\HomeCloud\HCLOUD.exe
FirewallRules: [{114E4413-883C-4EE9-A369-3DDCB4BD0183}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\RemoteOC\ubssrv_oc_only.exe
FirewallRules: [{09BA811D-0DA0-4D72-88CC-D05B439220B9}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\RemoteControl\grckm.exe
FirewallRules: [{D40CCBBE-00E5-4226-8A65-98F00F31A612}] => (Allow) LPort=1980
FirewallRules: [{CA4AAD35-E7BB-4FBB-9C20-02300384ADE3}] => (Allow) LPort=1900
FirewallRules: [{DC2A04B2-D56A-41E8-BD3B-2B2B8F7423B2}] => (Allow) LPort=1900
FirewallRules: [{9235936F-8322-478C-88FB-58018512C738}] => (Allow) LPort=8989
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (01/20/2018 05:27:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasyTuneEngineService.exe, version: 8.0.8.0, time stamp: 0x592fe6bc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03168925
Faulting process id: 0x1894
Faulting application start time: 0x01d39257050fa952
Faulting application path: C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
Faulting module path: unknown
Report Id: 8e83a22c-9500-4ab0-ad20-744a6957918c
Faulting package full name:
Faulting package-relative application ID:
Error: (01/20/2018 05:27:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: EasyTuneEngineService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.BdrAid.SearchKeyword(UInt64, UInt64, System.String, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.BdrAid.RetrieveBaseOffset4ReverseDirection(Int64, UInt64, UInt64, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.BdrAid..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.EasyFunctionHeader.RetrieveSmiPort(Int32 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.EasyHealthHeader..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.EasyTableComWrapper.UpdateFile()
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctionAddressManagement.CreateFile()
   at EasyTuneEngineService.EasyTuneEngineService.OnStart(System.String[])
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/20/2018 04:03:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd
Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x6dead514
Exception code: 0xcfffffff
Fault offset: 0x000000000009fef4
Faulting process id: 0x2698
Faulting application start time: 0x01d3923b13769bae
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 7836e1ed-f81a-446e-8225-cb60ceccbeb0
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (01/20/2018 11:49:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasyTuneEngineService.exe, version: 8.0.6.6, time stamp: 0x584a4307
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a158cd
Faulting process id: 0x1314
Faulting application start time: 0x01d39227c18ade49
Faulting application path: C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
Faulting module path: unknown
Report Id: ddabd605-28b8-4127-bb17-7a3458d2d885
Faulting package full name:
Faulting package-relative application ID:
Error: (01/20/2018 11:49:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: EasyTuneEngineService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid.SearchKeyword(UInt64, UInt64, System.String, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid.RetrieveBaseOffset4ReverseDirection(Int64, UInt64, UInt64, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctionHeader.RetrieveSmiPort(Int32 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyHealthHeader..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyTableComWrapper.UpdateFile()
   at Gigabyte.EasyTune.EasyFunctions.EasyTableControl.UpdateSmiDataFile()
   at EasyTuneEngineService.EasyTuneEngineService.OnStart(System.String[])
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/20/2018 11:47:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasyTuneEngineService.exe, version: 8.0.6.6, time stamp: 0x584a4307
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x033c70fd
Faulting process id: 0x1160
Faulting application start time: 0x01d392277f71a22c
Faulting application path: C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
Faulting module path: unknown
Report Id: 80effabb-cc40-43eb-af43-c9a628f7517c
Faulting package full name:
Faulting package-relative application ID:
Error: (01/20/2018 11:47:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: EasyTuneEngineService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid.SearchKeyword(UInt64, UInt64, System.String, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid.RetrieveBaseOffset4ReverseDirection(Int64, UInt64, UInt64, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctionHeader.RetrieveSmiPort(Int32 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyHealthHeader..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyTableComWrapper.UpdateFile()
   at Gigabyte.EasyTune.EasyFunctions.EasyTableControl.UpdateSmiDataFile()
   at EasyTuneEngineService.EasyTuneEngineService.OnStart(System.String[])
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/20/2018 09:56:31 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (4464,P,0) TILEREPOSITORYS-1-5-21-912802712-2140372985-3276877459-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
Error: (01/20/2018 09:56:31 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (4464,P,0) TILEREPOSITORYS-1-5-21-912802712-2140372985-3276877459-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
Error: (01/20/2018 09:56:31 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (4464,P,0) TILEREPOSITORYS-1-5-21-912802712-2140372985-3276877459-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (01/20/2018 08:11:24 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (01/20/2018 08:11:24 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (01/20/2018 05:41:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/20/2018 05:28:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Gservice service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/20/2018 05:27:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EasyTune Engine service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/20/2018 05:24:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (01/20/2018 05:24:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (01/20/2018 05:24:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (01/20/2018 03:33:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.
Error: (01/20/2018 01:19:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.

==================== Memory info ===========================
Processor: Intel® Celeron® CPU N3060 @ 1.60GHz
Percentage of memory in use: 50%
Total physical RAM: 4001.58 MB
Available physical RAM: 1999.23 MB
Total Virtual: 5409.58 MB
Available Virtual: 3378.17 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:28.52 GB) (Free:10.69 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 29.1 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================


BC AdBot (Login to Remove)

 


#2 SomeTiredPerson

SomeTiredPerson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 21 January 2018 - 12:41 AM

I have many more logs. This is NOT MY BEAST GAMING PC. No gigabyte on this throw away HP laptop. scans come back just fine. NOTHING. and when I can finally dig to them they are then moved to ////? other places on the network. PC's in the house have virtual wireless adapters Bluetooth etc. that cannot be disabled. Firewall does nothing. They are using Powershell scripts, cloud storage and MBR. Someone in the house is also running a s SQL through the modem/wireless router from the ISP. I have seen Smart TV's on the network as well as DVR's and other computers sharing everything through Windows Media. A phone was showing up as a Gigabyte PC? 

 

The way that windows is designed, well my hardware boots up and starts pulling corrupted set ups routines by controlling boot order? I have no Idea about this laptop, but that is what is going on with my gaming rig. Remote users coming in impersonating SYSTEM local and network. Changing group policy, remapping PCI ports, docking up virtual hard drives, Hijacking or redirecting browser traffic. They have changed my desktop, run scripts in my view renamed files, users  and played system sounds, synth etc. IP showing up as query servers? I am taking some new steps to secure the home network here but I need help. I don't want to plug anything new in because of an old W32/SDbot that I recently found. Ya, that is an OLD one.

 

 I am thinking I will have to hire outside help for this one. I could go on for days with everything that has been happening. I have spent two weeks trying to figure out exactly what is going on. I have captured traffic from all over Europe and witness someone downloading some South African Keyboard or Language pack. Is this a Squad of some kind stealing hardware and virtualizing it to mine or cloud? 

 

The thing is, most of the programs they are using are legit Server AD Snap-in's. I hardly doubt that most people would even notice this happening, 

 

I read a post on here about some guy having really similar problems as I am having and someone just told him to buy new hardware or "he was digging too deep". Well I can tell you that yes you have to dig a little deep. These are extremely sophisticated routines and they are extremely good at hiding them. 

 

I am just going to stop here because I could really go on and on about what they are doing. I only wish I knew who "THEY" were. 

 

I really don't know what to expect from this forum, but I really don't want to spend tens of thousands of dollars on new equipment and managed security. DM me if you have any insight to this matter as well. 

 

Thanks for your time, TiredPerson



#3 SomeTiredPerson

SomeTiredPerson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 21 January 2018 - 01:36 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Someone (20-01-2018 22:14:54)
Running from C:\New folder
Windows 10 Home Version 1709 16299.192 (X64) (2018-01-20 16:35:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-912802712-2140372985-3276877459-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-912802712-2140372985-3276877459-503 - Limited - Disabled)
Guest (S-1-5-21-912802712-2140372985-3276877459-501 - Limited - Enabled)
Someone (S-1-5-21-912802712-2140372985-3276877459-1001 - Administrator - Enabled) => C:\Users\Someone
WDAGUtilityAccount (S-1-5-21-912802712-2140372985-3276877459-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-912802712-2140372985-3276877459-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.29092 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.12 - Tweaking.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {24715694-D349-4391-8E4A-18198E5B600E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {4DFE3645-7865-49E0-9DB8-D4E2C749E31B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {64B733E3-CC74-4DAD-840C-47691FD2C633} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {7D1D8518-6EB9-4412-B90B-ABFD866D598F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {B5ECA21C-4B27-4DCD-A009-D9EB18E1E75E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2017-11-09] (Realtek Semiconductor)
Task: {BCBA83B3-7C2A-4CC6-A58C-95FD36CDB909} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {C109907E-2D6E-4036-BBD2-6FAD358DAD1F} - System32\Tasks\S-1-5-21-912802712-2140372985-3276877459-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {F5768C84-713A-43F1-9846-6B675C64999C} - System32\Tasks\RtHDVBg_Session => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-11-09] (Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-16 13:59 - 2017-11-26 04:23 - 011044864 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-01-16 13:59 - 2017-11-26 04:01 - 001804288 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-20 20:40 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-20 20:40 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 05:41 - 2017-09-29 05:41 - 000030208 ____N () C:\WINDOWS\system32\Windows.WARP.JITService.exe
2018-01-20 10:37 - 2018-01-20 10:37 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.13.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-01-20 10:00 - 2018-01-20 10:00 - 000102088 _____ () C:\Users\Someone\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-01-20 08:04 - 2018-01-20 08:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-912802712-2140372985-3276877459-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 216.165.129.158 - 216.170.153.146
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{E90CDB9C-3F87-45BC-9B88-67BE617C7EC6}] => (Allow) LPort=9009
FirewallRules: [{4BEB1127-935C-4C03-B6C7-41E97CEE3891}] => (Allow) LPort=9009
FirewallRules: [{EA63073C-1117-4B82-8B2A-7A8E6870E2A6}] => (Allow) LPort=9009
FirewallRules: [{14CA7948-A4AD-402D-A1AB-B5FB33870764}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\HomeCloud\HCLOUD.exe
FirewallRules: [{114E4413-883C-4EE9-A369-3DDCB4BD0183}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\RemoteOC\ubssrv_oc_only.exe
FirewallRules: [{09BA811D-0DA0-4D72-88CC-D05B439220B9}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\RemoteControl\grckm.exe
FirewallRules: [{D40CCBBE-00E5-4226-8A65-98F00F31A612}] => (Allow) LPort=1980
FirewallRules: [{CA4AAD35-E7BB-4FBB-9C20-02300384ADE3}] => (Allow) LPort=1900
FirewallRules: [{DC2A04B2-D56A-41E8-BD3B-2B2B8F7423B2}] => (Allow) LPort=1900
FirewallRules: [{9235936F-8322-478C-88FB-58018512C738}] => (Allow) LPort=8989
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (01/20/2018 08:29:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.16299.15, time stamp: 0x635d4324
Faulting module name: Taskmgr.exe, version: 10.0.16299.15, time stamp: 0x635d4324
Exception code: 0xc0000409
Fault offset: 0x00000000000147d9
Faulting process id: 0x1ef0
Faulting application start time: 0x01d3926ed7fe990a
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: 176657cc-c4b4-4fcf-9a97-6920f3655bb5
Faulting package full name:
Faulting package-relative application ID:
Error: (01/20/2018 05:27:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasyTuneEngineService.exe, version: 8.0.8.0, time stamp: 0x592fe6bc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03168925
Faulting process id: 0x1894
Faulting application start time: 0x01d39257050fa952
Faulting application path: C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
Faulting module path: unknown
Report Id: 8e83a22c-9500-4ab0-ad20-744a6957918c
Faulting package full name:
Faulting package-relative application ID:
Error: (01/20/2018 05:27:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: EasyTuneEngineService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.BdrAid.SearchKeyword(UInt64, UInt64, System.String, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.BdrAid.RetrieveBaseOffset4ReverseDirection(Int64, UInt64, UInt64, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.BdrAid..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.EasyFunctionHeader.RetrieveSmiPort(Int32 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.EasyHealthHeader..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctions.EasyTableComWrapper.UpdateFile()
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctionAddressManagement.CreateFile()
   at EasyTuneEngineService.EasyTuneEngineService.OnStart(System.String[])
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/20/2018 04:03:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd
Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x6dead514
Exception code: 0xcfffffff
Fault offset: 0x000000000009fef4
Faulting process id: 0x2698
Faulting application start time: 0x01d3923b13769bae
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 7836e1ed-f81a-446e-8225-cb60ceccbeb0
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (01/20/2018 11:49:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasyTuneEngineService.exe, version: 8.0.6.6, time stamp: 0x584a4307
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a158cd
Faulting process id: 0x1314
Faulting application start time: 0x01d39227c18ade49
Faulting application path: C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
Faulting module path: unknown
Report Id: ddabd605-28b8-4127-bb17-7a3458d2d885
Faulting package full name:
Faulting package-relative application ID:
Error: (01/20/2018 11:49:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: EasyTuneEngineService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid.SearchKeyword(UInt64, UInt64, System.String, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid.RetrieveBaseOffset4ReverseDirection(Int64, UInt64, UInt64, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctionHeader.RetrieveSmiPort(Int32 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyHealthHeader..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyTableComWrapper.UpdateFile()
   at Gigabyte.EasyTune.EasyFunctions.EasyTableControl.UpdateSmiDataFile()
   at EasyTuneEngineService.EasyTuneEngineService.OnStart(System.String[])
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/20/2018 11:47:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasyTuneEngineService.exe, version: 8.0.6.6, time stamp: 0x584a4307
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x033c70fd
Faulting process id: 0x1160
Faulting application start time: 0x01d392277f71a22c
Faulting application path: C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
Faulting module path: unknown
Report Id: 80effabb-cc40-43eb-af43-c9a628f7517c
Faulting package full name:
Faulting package-relative application ID:
Error: (01/20/2018 11:47:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: EasyTuneEngineService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid.SearchKeyword(UInt64, UInt64, System.String, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid.RetrieveBaseOffset4ReverseDirection(Int64, UInt64, UInt64, UInt64 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.BdrAid..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyFunctionHeader.RetrieveSmiPort(Int32 ByRef)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyHealthHeader..ctor(Boolean)
   at Gigabyte.ComputerSystemHardware.BIOS.EasyTableComWrapper.UpdateFile()
   at Gigabyte.EasyTune.EasyFunctions.EasyTableControl.UpdateSmiDataFile()
   at EasyTuneEngineService.EasyTuneEngineService.OnStart(System.String[])
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/20/2018 09:56:31 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (4464,P,0) TILEREPOSITORYS-1-5-21-912802712-2140372985-3276877459-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
Error: (01/20/2018 09:56:31 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (4464,P,0) TILEREPOSITORYS-1-5-21-912802712-2140372985-3276877459-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (01/20/2018 08:32:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/20/2018 08:11:24 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (01/20/2018 08:11:24 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (01/20/2018 05:41:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/20/2018 05:28:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Gservice service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/20/2018 05:27:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EasyTune Engine service terminated unexpectedly.  It has done this 1 time(s).
Error: (01/20/2018 05:24:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (01/20/2018 05:24:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (01/20/2018 05:24:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (01/20/2018 03:33:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J4K9RUG)
Description: The server Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
  Date: 2018-01-20 21:50:49.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2018-01-20 21:50:40.716
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2018-01-20 21:50:25.017
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2018-01-20 21:50:12.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2018-01-20 21:50:01.034
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2018-01-20 21:49:57.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2018-01-20 21:49:56.741
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2018-01-20 20:41:27.753
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2018-01-20 20:41:27.731
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2018-01-20 20:41:27.700
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================
Processor: Intel® Celeron® CPU N3060 @ 1.60GHz
Percentage of memory in use: 48%
Total physical RAM: 4001.58 MB
Available physical RAM: 2055.52 MB
Total Virtual: 5409.58 MB
Available Virtual: 3249.51 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:28.52 GB) (Free:10.37 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 29.1 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
 
 
 
There is the rest of it. AGAIN  
 
 
 
​THIS WAS RUN ON MY THROW AWAY LAPTOP NOT MY GAMING PC.
 
 
​THERE IS NO GIGABYTE PRODUCTS ON THIS LITTLE THING


#4 SomeTiredPerson

SomeTiredPerson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 22 January 2018 - 09:32 AM

It got so bad with the DNS redirector and browser redirecting that I couldn't go anywhere to download any sort of legitimate anti-malware. So in an attempt to make this a little more simple I reset this laptop and roll back all of the updates and used rkill then ran FRST. I had to use my phone in Safe Mode to download these programs and am now on the phone going to post the logs from my scans. It seems that our kill was able to reset a proxy connection and now it looks as if the laptop is not connected to the internet hopefully. I will now attempt to copy the logs here from my phone. Thanks for your help I really appreciate it if I can get this laptop clean maybe I can help all the other computers in the house it might have something to do with the router.

#5 SomeTiredPerson

SomeTiredPerson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 22 January 2018 - 09:36 AM

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/22/2018 05:21:34 AM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Active Proxy Server Detected

* Proxy Disabled.
* ProxyOverride value deleted.
* ProxyServer value deleted.
* AutoConfigURL value deleted.
* Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

* No issues found in the Registry.

Backup Registry file created at:
C:\Users\pp\Desktop\rkill\rkill-01-22-2018-05-21-40.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/22/2018 05:22:00 AM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)



Users shortcut scan result (x64) Version: 21.01.2018
Ran by pp (22-01-2018 06:05:55)
Running from C:\Users\pp\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\pp\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\pp\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\pp\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\pp\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\pp\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\pp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\Links\Desktop.lnk -> C:\Users\pp\Desktop ()
Shortcut: C:\Users\pp\Links\Downloads.lnk -> C:\Users\pp\Downloads ()
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) -> /LAUNCH_BY_STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () -> /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\pp\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\Users\pp\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== End of Shortcut.txt =============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by pp (22-01-2018 06:05:31)
Running from C:\Users\pp\Desktop
Windows 10 Home Version 1709 16299.192 (X64) (2018-01-21 18:31:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3542715463-485064358-3187586401-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3542715463-485064358-3187586401-503 - Limited - Disabled)
Guest (S-1-5-21-3542715463-485064358-3187586401-501 - Limited - Disabled)
pp (S-1-5-21-3542715463-485064358-3187586401-1001 - Administrator - Enabled) => C:\Users\pp
WDAGUtilityAccount (S-1-5-21-3542715463-485064358-3187586401-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.29092 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3542715463-485064358-3187586401-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\pp\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3542715463-485064358-3187586401-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\pp\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3542715463-485064358-3187586401-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\pp\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {7D527D1A-0942-47C0-BB18-D11004D5AD35} - System32\Tasks\RtHDVBg_Session => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-11-09] (Realtek Semiconductor)
Task: {BD7F36FA-EBD4-4ED7-94EF-31AC5F4DA65D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2017-11-09] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-16 13:59 - 2017-11-26 04:23 - 011044864 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-01-16 13:59 - 2017-11-26 04:01 - 001804288 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-22 05:25 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 010628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 000766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-01-21 09:58 - 2018-01-21 09:55 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3542715463-485064358-3187586401-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3542715463-485064358-3187586401-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{68F56392-D39D-4E95-A6D6-6026BF6608BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{01C4FF4A-B125-4EEF-AA7B-2EAC9BD1A39E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2018 04:18:22 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8db63db6-4f8f-46d6-a448-66444faaaa72;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/21/2018 11:50:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8db63db6-4f8f-46d6-a448-66444faaaa72;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/21/2018 11:47:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 10.0.16299.15, time stamp: 0x5098c662
Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x6dead514
Exception code: 0xc0000409
Fault offset: 0x0000000000090d8f
Faulting process id: 0x1fd8
Faulting application start time: 0x01d392e92e26e55a
Faulting application path: C:\WINDOWS\system32\mmc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: cc4c2bac-4e46-4373-b8c2-4e488837294e
Faulting package full name:
Faulting package-relative application ID:

Error: (01/21/2018 10:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.16299.15, time stamp: 0x7640753d
Faulting module name: CoreUIComponents.dll, version: 10.0.16299.15, time stamp: 0x35d247d6
Exception code: 0xc0000005
Fault offset: 0x000000000008e1f4
Faulting process id: 0x994
Faulting application start time: 0x01d392e6e971df05
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
Report Id: 0a6e3cfd-2fc6-4a1e-8211-43a05d3c2f37
Faulting package full name: windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (01/22/2018 04:21:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/22/2018 04:18:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/22/2018 04:18:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 11:49:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 11:49:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N3060 @ 1.60GHz
Percentage of memory in use: 39%
Total physical RAM: 4001.58 MB
Available physical RAM: 2421.55 MB
Total Virtual: 5409.58 MB
Available Virtual: 3741.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:28.52 GB) (Free:12.53 GB) NTFS
Drive d: () (Removable) (Total:29.16 GB) (Free:29.03 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 29.1 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 29.2 GB) (Disk ID: 7355745B)
Partition 1: (Not Active) - (Size=29.2 GB) - (Type=0C)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by pp (administrator) on DESKTOP-JVRUI6V (22-01-2018 06:03:56)
Running from C:\Users\pp\Desktop
Loaded Profiles: pp (Available Profiles: pp)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ManualProxies: 1198.168.0.1:80

Internet Explorer:
==================

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373696 2017-05-15] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-11-09] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7407040 2017-05-15] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-22] (Malwarebytes)
R1 MpKsl1878536b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl1878536b.sys [44928 2018-01-21] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7647232 2017-10-17] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [328920 2016-01-05] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [53848 2017-08-18] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys 08312DEEF0D3F8647AA53AD90A69094E
C:\WINDOWS\System32\drivers\3ware.sys 645009E711BBF117CCEE917A03FB0CDD
C:\WINDOWS\System32\drivers\ACPI.sys 69481E5474C7E61CDB3FE6A8A0F3B1B4
C:\WINDOWS\System32\drivers\AcpiDev.sys 44EA35A4B397898A83BF1B9B4B8DAE35
C:\WINDOWS\System32\Drivers\acpiex.sys 91D113A1532B8AB1E25B7DE5AB3C2F83
C:\WINDOWS\System32\drivers\acpipagr.sys 620BB2682BA625DF037072D89F44F6EE
C:\WINDOWS\System32\drivers\acpipmi.sys B9805A3C479390CEAEA5AEF5E4A90A2E
C:\WINDOWS\System32\drivers\acpitime.sys ABD4EB55C661143B015BD0B9B47B235C
C:\WINDOWS\System32\drivers\ADP80XX.SYS 8C58BD711FAD5F11E8CFDBC5CED973A5
C:\WINDOWS\system32\drivers\afd.sys 7AE4EBDC221235BF9E1008B515C0B8DB
C:\WINDOWS\System32\DRIVERS\ahcache.sys 56166D110D3ECFFC595E5FA02D9BA491
C:\WINDOWS\System32\drivers\amdk8.sys 62619E31AFF88F906A7E793AC4A9FF51
C:\WINDOWS\System32\drivers\amdppm.sys 735142DD039BEB35632765C41FC6E397
C:\WINDOWS\System32\drivers\amdsata.sys F1C16AABA27E9E153AEC7BD2AB853F30
C:\WINDOWS\System32\drivers\amdsbs.sys C834D0F1ECB8473E9E6D18EE1BCEECB2
C:\WINDOWS\System32\drivers\amdxata.sys 49203D2FFE30CBB36BE66A0E70F3D954
C:\WINDOWS\System32\drivers\appid.sys 3692C75C47285D388C886D162F54C430
C:\WINDOWS\System32\drivers\applockerfltr.sys 1E085E2302D568F0CE041732B3E887B0
C:\WINDOWS\System32\drivers\arcsas.sys B42C83DE28776B80DBA1310C56DD4F74
C:\WINDOWS\System32\drivers\asyncmac.sys C2151380227CD1F7DDA2401C1F151367
C:\WINDOWS\System32\drivers\atapi.sys 6191B9B2EE0E8CB957C683B9B341CC86
C:\WINDOWS\System32\drivers\bxvbda.sys A921805C1ED3253DF48FCA4D724173EB
C:\WINDOWS\System32\drivers\bam.sys 763CF81762483E244BAEB83DEFFC53F3
C:\WINDOWS\System32\drivers\BasicDisplay.sys 2A7267AA15E508F6D05A5B562F1FD1CE
C:\WINDOWS\System32\drivers\BasicRender.sys 2E1EE0F10FAF1250D1AC05BFB0E6BD3D
C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7
C:\Windows\System32\Drivers\Beep.sys EDDAA3A563E7EB71C991FE91249C7D81
C:\WINDOWS\System32\DRIVERS\bowser.sys D030A1203680D66716F4E74053468627
C:\WINDOWS\System32\drivers\BthAvrcpTg.sys A4863B7B1F0DB513D6E34547BACC211A
C:\WINDOWS\System32\drivers\BthEnum.sys 82BD96D56574231AD0E9BBF293EA2E7F
C:\WINDOWS\System32\drivers\bthhfenum.sys 9C9EE272C11252C651C5DE6A1AC1EDAA
C:\WINDOWS\System32\drivers\BthHFHid.sys 69734E386826ED857C889330F35B4D9C
C:\WINDOWS\system32\DRIVERS\bthl2cap.sys 338B8D45C7DFB03DB7957188E16C9661
C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys 47BF82E2A6D11279C8501E08518AB835
C:\WINDOWS\System32\drivers\bthmodem.sys A94AFAEA86F5F792BB4ECA095B231464
C:\WINDOWS\System32\drivers\bthpan.sys 4F58D8C265FFA943878CF7F922432847
C:\WINDOWS\system32\DRIVERS\BTHport.sys D970480A59C314CC344118D7B185D7E6
C:\WINDOWS\system32\DRIVERS\BTHUSB.sys 55C836530A9602255BFB4F5D9DA2B737
C:\WINDOWS\System32\drivers\bttflt.sys 39E7437FC59CDD7A303ABD514E462E8B
C:\WINDOWS\System32\drivers\buttonconverter.sys 522888590B0C19BC8128119060AE7901
C:\WINDOWS\System32\drivers\CAD.sys 2AB01CE5E233A6FBA3E91BD57772AA4B
C:\WINDOWS\System32\drivers\capimg.sys F6F97879F53AD57194C6BC8272FD73EA
C:\WINDOWS\System32\DRIVERS\cdfs.sys 9E82A95D77AC78C84BA75FF896B060BF
C:\WINDOWS\System32\drivers\cdrom.sys 6D83565C1652E80447EDEA6947FA89D7
C:\WINDOWS\System32\drivers\cht4sx64.sys D81954CE5E016FD716EDDB2B2FD9BA58
C:\WINDOWS\System32\drivers\cht4vx64.sys F9A8570805807FFD66488F0A858E1308
C:\WINDOWS\System32\drivers\circlass.sys 9798D58461706930190F1F2F6BF21D80
C:\WINDOWS\System32\drivers\cldflt.sys 3B5973C9D50DE90CEB6D7DC85216AA86
C:\WINDOWS\System32\drivers\CLFS.sys 59D46CE57A49353A733D162DBA65A4FA
C:\WINDOWS\System32\drivers\CmBatt.sys 2BA3BA38B5A6A667B0EAEC477276707B
C:\WINDOWS\System32\Drivers\cng.sys B3CC988A9D8B8EC66ED2B7B7B3413652
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys C65AF00EF12A1755E7CA370B0C71935D
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys A50300498D56B2448F3593D25478D508
C:\WINDOWS\System32\drivers\condrv.sys 65602B0DB49199647FECB2D1212147BE
C:\WINDOWS\System32\drivers\dam.sys 72BE43ABD786E86AAE7EA2193201E100
C:\WINDOWS\System32\Drivers\dfsc.sys 9910E9CFF5ECDCB225F82E72CE9DE459
C:\WINDOWS\System32\drivers\disk.sys 811173C821171BB910219E53C7FD97AD
C:\WINDOWS\System32\drivers\dmvsc.sys 569FE16775E15A49DC904DE20BF8CAA0
C:\WINDOWS\System32\drivers\dptf_acpi.sys 225C4E9280B2AE38DCAA5E2FEFC437C2
C:\WINDOWS\System32\drivers\dptf_cpu.sys 4DD17AA07FA0A75E79B47E5B7F18964D
C:\WINDOWS\System32\drivers\drmkaud.sys F4800922F4ABA619585CE320A72E6389
C:\WINDOWS\System32\drivers\dxgkrnl.sys 0DF6B436F579E1DD23C8EBD61EE749E8
C:\WINDOWS\System32\drivers\evbda.sys C99D40C97841E0A7F0F90B8629593A97
C:\WINDOWS\System32\drivers\EhStorClass.sys 260BBD6B1ED06298E509B452354EDB91
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys F3BEBDC1B9DBA32F183079EAE6244837
C:\WINDOWS\System32\drivers\errdev.sys 1B63CA857FD03FD0A5A1379F2996784F
C:\WINDOWS\system32\DRIVERS\esif_lf.sys A63C10A6A6B09FED00046DDD313C2CC1
C:\Windows\System32\Drivers\exfat.sys F1ACA42D448E3986565EA54275EEEA65
C:\Windows\System32\Drivers\fastfat.sys 0AF4B36754A6EAE794EE4398E219A9E1
C:\WINDOWS\System32\drivers\fdc.sys 7CD8426A33F06EB72BFEC51F7C264AF8
C:\WINDOWS\System32\drivers\filecrypt.sys DE51BBBCF358188F9736F031546F9908
C:\WINDOWS\System32\drivers\fileinfo.sys 822F664952B0F8D11BB6BD2F11779602
C:\WINDOWS\System32\drivers\filetrace.sys 5A4935682A0D47A4EAC4BE3C2ACF74D6
C:\WINDOWS\System32\drivers\flpydisk.sys 60641F22D1D38EAD197C25F0339C9712
C:\WINDOWS\System32\drivers\fltmgr.sys 56F9EAA7099159759B2F6C523007A13F
C:\WINDOWS\System32\drivers\FsDepends.sys 5D8A0E58E3F82583697E3F07052435AA
C:\Windows\System32\Drivers\Fs_Rec.sys BB82CC2F51F7C3D5DCD13FA3B040D8F8
C:\WINDOWS\System32\DRIVERS\fvevol.sys 69C669540A850553AF9589DB05A2A7D0
C:\WINDOWS\System32\drivers\vmgencounter.sys 3B5DDF1061930A0A891FA63DB0CB878B
C:\WINDOWS\System32\drivers\genericusbfn.sys 8B34E3F794F652082D7E8AF112F71681
C:\WINDOWS\System32\Drivers\msgpioclx.sys 127C23F4720C8902A3AB0FEE12205317
C:\WINDOWS\System32\drivers\gpuenergydrv.sys C7DEA3458E50B691E69EFF0B47CBCCDB
C:\WINDOWS\System32\drivers\HDAudBus.sys 99A34FD1F6431A10D8C3BB50E170D0F2
C:\WINDOWS\System32\drivers\HidBatt.sys 2443FC6EEB9CF092B62127D867901B02
C:\WINDOWS\System32\drivers\hidbth.sys 205043CDC16ADE85E252DD54AE925161
C:\WINDOWS\System32\drivers\hidi2c.sys B521DDDC9038C066B1B957BF063A531A
C:\WINDOWS\System32\drivers\hidinterrupt.sys 5AC0EBFA76E93273A806176D3178E986
C:\WINDOWS\System32\drivers\hidir.sys 366AC0E05EBF5D5C375F65CD8BC7F0DF
C:\WINDOWS\System32\drivers\hidusb.sys 7CB54D02746024648FCE184FC3F941FF
C:\WINDOWS\System32\drivers\HpSAMD.sys 835FB95D85D362057A72D21A48C2C7F8
C:\WINDOWS\System32\drivers\HTTP.sys 717D6E92D0143BCC4C36976BFFD94753
C:\WINDOWS\System32\drivers\hvservice.sys 9F2CFC90306532866C62BDCDFD2532AA
C:\WINDOWS\System32\Drivers\mshwnclx.sys 3737FE486929AFC48F1D10677B698E52
C:\WINDOWS\System32\drivers\hwpolicy.sys 3C65EBF7F1BFD98426C355D66876ECEE
C:\WINDOWS\System32\drivers\hyperkbd.sys 7E00234C67A322988AFEA717D5609C9E
C:\WINDOWS\System32\drivers\HyperVideo.sys FBF5BB641DE99AE1DF4835E88D4F8993
C:\WINDOWS\System32\drivers\i8042prt.sys 56FF074E50F9042FD2856AB3418F4B18
C:\WINDOWS\System32\drivers\iagpio.sys B5EC43755E62591197DE5CBBDAA9FEB7
C:\WINDOWS\System32\drivers\iai2c.sys D8CA23F9C5FEF44296FDE1E005C06EC0
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 7B769C9D19C013F94874C4B15D59A005
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys E0F1B3A2A70FABE3BE1C9140BB55E607
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 89A869BCC0588A3009ECB875B09ECD39
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 2E693DF3C02A0859DB8DE25772751100
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys 435883A27A376B125BD4DF888417C85F
C:\WINDOWS\System32\drivers\iaStorV.sys 7118E4390C4ACDE61E280CE52BCAF44E
C:\WINDOWS\System32\drivers\ibbus.sys 9DBE8C359ABACE1BE1BBAB687D114506
C:\WINDOWS\system32\DRIVERS\ibtusb.sys 18F7B1E3C5DE1CC8B3D2BBF90F7350EF
C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys 254233E3FC59503A4B616A7ED47EAB3F
C:\WINDOWS\System32\drivers\IndirectKmd.sys 42CAF6216A6E516DC56BA319ACC7EEC5
C:\WINDOWS\system32\drivers\RTKVHD64.sys F36520B0C0832D8A9E04C3443468BD2B
C:\WINDOWS\system32\DRIVERS\IntcDAud.sys E300D1E37B737ED14F7A08CD5604E5D9
C:\WINDOWS\System32\drivers\intelide.sys 40943C1CD031ACE06A8374AD56B9E5EA
C:\WINDOWS\System32\drivers\intelpep.sys 327D9CCF5492543AEF3979F9EEAD02BE
C:\WINDOWS\System32\drivers\intelppm.sys 10F2757836F41BFAEA2AE19F6FE869B2
C:\WINDOWS\System32\drivers\invdimm.sys 8387E90B551B9B7F32EDC69909591E9E
C:\WINDOWS\System32\drivers\iorate.sys E207078E0E1BB3524277DB9077E4148E
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys FD8F64B7B345E539F2EA7F72846F83B4
C:\WINDOWS\System32\drivers\IPMIDrv.sys 8AAB863E72A4F9C578FED2EE3541545B
C:\WINDOWS\System32\drivers\ipnat.sys 7BEC2AF23F586EFF0DB4DBF4331B0C70
C:\WINDOWS\System32\drivers\ipt.sys 35A54F19E703D4FE5919F812F6CC5D0A
C:\WINDOWS\system32\drivers\irda.sys 359CDDBC825959DA28FA886B3C271B53
C:\WINDOWS\System32\drivers\irenum.sys F88664A2A82DDA456180FFF95A771765
C:\WINDOWS\System32\drivers\isapnp.sys 2296B158C43C306B0AC5B4D57EA9F0E1
C:\WINDOWS\System32\drivers\msiscsi.sys 2DC0765992CFECE3B13F3BFD20E69DCC
C:\WINDOWS\System32\drivers\kbdclass.sys E320F986BBE0CD9324EA0A193EBF29B1
C:\WINDOWS\System32\drivers\kbdhid.sys AFF5DDCC1A79217C9526FF5E01A69E89
C:\WINDOWS\System32\drivers\kdnic.sys 916E62AF3386F7A74603E5C545F6FF2D
C:\WINDOWS\System32\Drivers\ksecdd.sys 69FA8BEBADF807089FEFCD3F59CFAC1E
C:\WINDOWS\System32\Drivers\ksecpkg.sys C1081E2B36F77781167FD9401119B98E
C:\WINDOWS\system32\drivers\ksthunk.sys DD8C4726127CFE313233372D70787C37
C:\WINDOWS\System32\drivers\lltdio.sys CB5A6E117502156794F0DA9E61506006
C:\WINDOWS\System32\drivers\lsi_sas.sys 20048BEE892138A745B1C23EBB0E069F
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 9EAB16572B576979D585DDEDB12417CD
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 3B7B359C0870317106DF3438D4FF491D
C:\WINDOWS\System32\drivers\lsi_sss.sys 2DE03BA338A4B0ACDB416A30F1C7D56F
C:\WINDOWS\system32\drivers\luafv.sys 9A497169E145FCE2D8AA7DBC67377F64
C:\WINDOWS\System32\drivers\mausbhost.sys BF56CB9D02DEE8CA9CBA50220BE16F15
C:\WINDOWS\System32\drivers\mausbip.sys 01BDEE1FFF6D2216797DFEE4ABD937D9
C:\WINDOWS\System32\Drivers\mbamswissarmy.sys B047B9CE5A0D800E6D713B43D0405221
C:\WINDOWS\System32\drivers\megasas.sys C7B8B5053D646CBD30BE1BA6B487D396
C:\WINDOWS\System32\drivers\MegaSas2i.sys EB8ED3204499DDB2D3BA094A4563EE3E
C:\WINDOWS\System32\drivers\megasr.sys F1C1D4E752DE1D58295040E5BE8813AF
C:\WINDOWS\System32\drivers\mlx4_bus.sys 16B078D1089FEA98710C9D07C152DCEE
C:\WINDOWS\system32\drivers\mmcss.sys 20C57CE47B1A877C48A4B68E9A4E21FA
C:\WINDOWS\System32\drivers\modem.sys A4467A5C080318F0CCCF5ED463821F8B
C:\WINDOWS\System32\drivers\monitor.sys 78BE85C1F1C7F3AF6C87BCE127007D5A
C:\WINDOWS\System32\drivers\mouclass.sys 8E262B34A8BD184B4B3025AA8C396B00
C:\WINDOWS\System32\drivers\mouhid.sys C094A555F148495EA130D3BBC5232D5E
C:\WINDOWS\System32\drivers\mountmgr.sys 6434BC884502E95EEA2379C92DD22B60
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl1878536b.sys AA12FAF01013F63348B722D3588550FF
C:\WINDOWS\System32\drivers\mpsdrv.sys F36E4074C66DD31855A8D79EF0AE8066
C:\WINDOWS\system32\drivers\mrxdav.sys 215D672CB71987CD98EB2298EFB84DDC
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 34898F29BF0E9A84E183046318D17814
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys 6537678DEEA2A5B079052D75E21E46DA
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 87FF93E7420C9068C0D5B2F3109809F4
C:\WINDOWS\System32\drivers\bridge.sys 167408B38458ECAE545C57527BC99024
C:\Windows\System32\Drivers\Msfs.sys AE111778CA6AC08862B3C713F0413333
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6DDDFCAB646BBBCFC583135C4430E10F
C:\WINDOWS\System32\drivers\mshidkmdf.sys 01C6A86BEA8279E557A5056148F068BF
C:\WINDOWS\System32\drivers\mshidumdf.sys F65ABC7DE945047147F17330F79732CB
C:\WINDOWS\System32\drivers\msisadrv.sys 05B23012427801E710BDD12720B9020B
C:\WINDOWS\System32\drivers\MSKSSRV.sys B25B2CD3E052D68075A3814AAA0C6421
C:\WINDOWS\System32\drivers\mslldp.sys C3F5EA6B9041A30B4F11BE2E7863E487
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 601D666820F0408B896791D19BE6D258
C:\WINDOWS\System32\drivers\MSPQM.sys 46E61FBA0097E48E5628C74A3F72233A
C:\Windows\System32\Drivers\MsRPC.sys 4EB9B77179BDEE89C496E60D4BF85CC1
C:\WINDOWS\System32\drivers\mssmbios.sys CBD56E0B55FB3672BA80382EC2F8835C
C:\WINDOWS\System32\drivers\MSTEE.sys 5734B2A36D3BB13A638E5305EEEC582D
C:\WINDOWS\System32\drivers\MTConfig.sys 85270E0DC6907C6B99F72A36F17AED34
C:\WINDOWS\System32\Drivers\mup.sys DB5B1539F5EBB3DD3A7ED25ADBC4D6D9
C:\WINDOWS\System32\drivers\mvumis.sys 3C57FF3BCF496D24C39C2198158864BB
C:\WINDOWS\System32\DRIVERS\nwifi.sys 8A9CD53B0FBE679116638120CCBB201E
C:\WINDOWS\System32\drivers\ndfltr.sys 77B047B109CE758A017F58FAE5038D0D
C:\WINDOWS\System32\drivers\ndis.sys 7FF306C78B0DC31192657B47539D5688
C:\WINDOWS\System32\drivers\ndiscap.sys 067AE5BA349CC35AF8975D22DC483DDF
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 6FC4D7EB5D38CFB7966405036116F065
C:\WINDOWS\System32\DRIVERS\ndistapi.sys ED7CC4E16B76B2603C9F827188EA63B4
C:\WINDOWS\System32\drivers\ndisuio.sys 8D977AFC195A3F4B15B05D02B2BD0292
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys DC1D26D62F40B7552BCF49D92774F0C5
C:\WINDOWS\System32\drivers\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\NDProxy.sys 8ABF5B8D5839F8DAE2E0D3165AE732F6
C:\WINDOWS\System32\drivers\Ndu.sys A791792DC412CCD83DA0AF6871682552
C:\WINDOWS\System32\drivers\NetAdapterCx.sys BE79982A50AC88BC0765F3AFECFCB596
C:\WINDOWS\System32\drivers\netbios.sys E899D26A0C2555AC30ACDD526056E51F
C:\WINDOWS\System32\DRIVERS\netbt.sys 7FC54F2AF5EC52C7AC05AD90FFC757E6
C:\WINDOWS\System32\drivers\netvsc.sys 680EB4AEA08EAC80C384E90E430DF16D
C:\WINDOWS\system32\DRIVERS\Netwtw04.sys 117446A20C33D5AF536D9F08907FBBB3
C:\Windows\System32\Drivers\Npfs.sys 84EB8F01B140618518AFF30B9951F132
C:\WINDOWS\System32\drivers\npsvctrig.sys 5CB8082E51DE7D19042F0FF8C517CB0D
C:\WINDOWS\System32\drivers\nsiproxy.sys 958921BB7AE2671983743FDA0DD587C4
C:\Windows\System32\Drivers\NTFS.sys E20EC8E25969ABD9F5FED6EDEA57EC0C
C:\Windows\System32\Drivers\Null.sys 0D1E03A5F87F4DE04D97622C686910A2
C:\WINDOWS\System32\drivers\nvdimmn.sys 532F27A2B62D70C327E763F035AED6C1
C:\WINDOWS\System32\drivers\nvraid.sys 7E04652EB1A476BC0A72ECDC613AF0C5
C:\WINDOWS\System32\drivers\nvstor.sys 880B3E874914DAEF97119876543AE117
C:\WINDOWS\System32\drivers\parport.sys 2E07EC2C1622F5E7B535D62DCD61F3AB
C:\WINDOWS\System32\drivers\partmgr.sys 023DDF9DE429B2E6F0BADA72AA98EF8B
C:\WINDOWS\System32\drivers\pci.sys 9BF965EE361849567DB1664BEDFA9569
C:\WINDOWS\System32\drivers\pciide.sys E5AF806815ED797086629741F29E4156
C:\WINDOWS\System32\drivers\pcmcia.sys 2A631D447B988AFBE847CBAA8E5CC298
C:\WINDOWS\System32\drivers\pcw.sys ACD510CF2B631A2D36B2CFB7D31E22FD
C:\WINDOWS\System32\drivers\pdc.sys 1796112EB89559910BC18865A29C8894
C:\WINDOWS\System32\drivers\peauth.sys F21127EDE5D72090A1B029AFF4AFFD17
C:\WINDOWS\System32\drivers\percsas2i.sys 35FD028E4323018202C0B7D115FD3AEF
C:\WINDOWS\System32\drivers\percsas3i.sys F9F3D8BE9BC9241CC726197261362AC4
C:\WINDOWS\System32\drivers\pmem.sys 36D43EA5517F3F4AAAC8EE061C957EF1
C:\WINDOWS\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86
C:\WINDOWS\System32\drivers\raspptp.sys AACA74DEF7BE3DED322411787494878B
C:\WINDOWS\System32\drivers\processr.sys B1111C47F128C946BDC87A18E44007EB
C:\WINDOWS\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F
C:\WINDOWS\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A
C:\WINDOWS\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A
C:\WINDOWS\System32\DRIVERS\rasacd.sys F57D1DE0C9522BCD590A69D044641B5A
C:\WINDOWS\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F
C:\WINDOWS\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5
C:\WINDOWS\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8
C:\WINDOWS\System32\DRIVERS\rdbss.sys 4525664EFB5EB71D4B155405F78D93DB
C:\WINDOWS\System32\drivers\rdpbus.sys 8A5285B38A203D15110E142DE68406DD
C:\WINDOWS\System32\drivers\rdpdr.sys DF83769C92527DB50653F8FB57D001FF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE
C:\WINDOWS\System32\drivers\rdyboost.sys 12AF835862F2B6B2FB9DEA8BA2288587
C:\Windows\System32\Drivers\ReFS.sys FB0577F6BC9E07549CEACF5224327499
C:\Windows\System32\Drivers\ReFSv1.sys 4136BCA61BCDCC79DCE145F9CB639CD6
C:\WINDOWS\System32\drivers\rfcomm.sys 5BF7698021DB13B55753FD921BEBE318
C:\WINDOWS\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB
C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys CA864D504A5E56AF84A491B4AA1F8A98
C:\WINDOWS\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A
C:\WINDOWS\System32\drivers\vms3cap.sys F0FA6B67B16EEFDEF8E8AFAD47A4F9B8
C:\WINDOWS\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D
C:\WINDOWS\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE
C:\WINDOWS\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7
C:\WINDOWS\System32\drivers\sdbus.sys 0FB6CCFA52FE5AD0B8D86E8AB370EF34
C:\WINDOWS\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0
C:\WINDOWS\System32\drivers\sdstor.sys C289832A3174DC9D393C7603C511DF79
C:\WINDOWS\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5
C:\WINDOWS\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412
C:\WINDOWS\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC
C:\WINDOWS\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD
C:\WINDOWS\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F
C:\WINDOWS\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1
C:\WINDOWS\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF
C:\WINDOWS\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5
C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys 0AB5FBC526DC0CBE9033CE78284C7201
C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys ADFE78C4F1A328EC5BEC6EB4BC41EF06
C:\WINDOWS\System32\drivers\spaceport.sys B2ABF0F8A49752B5CD9DEE2EADF7416A
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys CCECE7E96B4F7B0E9F0FC82F6DADA917
C:\WINDOWS\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A
C:\WINDOWS\System32\DRIVERS\srv2.sys 41181D890542EB0E8D9822F73F9FD5D7
C:\WINDOWS\System32\DRIVERS\srvnet.sys 43480B3EE4D23F5AA8EE7C6D83B09487
C:\WINDOWS\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156
C:\WINDOWS\System32\drivers\storahci.sys DD1F00B80DDD12252B7B228ABCE181A9
C:\WINDOWS\System32\drivers\vmstorfl.sys A12CFAAA0F113A25D8CEFE58B1CBB207
C:\WINDOWS\System32\drivers\stornvme.sys B6F8D1FA73F6E102AEA60D2BBD1DDF78
C:\WINDOWS\System32\drivers\storqosflt.sys 57377953F5688158054BC8CB5A243115
C:\WINDOWS\System32\drivers\storufs.sys B59D29E535AF7E82717C2AD2C57EEC67
C:\WINDOWS\System32\drivers\storvsc.sys 9B431079624306B5659B3B7208A71C75
C:\WINDOWS\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\WINDOWS\System32\drivers\Synth3dVsc.sys AB15F9FDCD11D5283891BC956E8C5C95
C:\WINDOWS\System32\drivers\SynTP.sys 347F4B8DC1CAA234474AE79BF5207E2B
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\WINDOWS\system32\DRIVERS\tdx.sys 571D82ABAC428D902ACA0CF60373C039
C:\WINDOWS\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\WINDOWS\System32\drivers\tpm.sys 1658D060057C85DEC82BFCB018C4C22F
C:\WINDOWS\System32\drivers\tsusbflt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\WINDOWS\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\WINDOWS\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\WINDOWS\System32\drivers\TXEIx64.sys 2CC59847A4E1B1829114C2607BA38794
C:\WINDOWS\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\WINDOWS\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\WINDOWS\System32\drivers\UcmUcsi.sys 149CBBB74DFC3E52F242029A27B0F8EB
C:\WINDOWS\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\WINDOWS\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\WINDOWS\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\WINDOWS\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC
C:\WINDOWS\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\WINDOWS\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\WINDOWS\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\WINDOWS\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\WINDOWS\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\WINDOWS\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\WINDOWS\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\WINDOWS\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\WINDOWS\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\WINDOWS\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\WINDOWS\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\WINDOWS\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\WINDOWS\System32\drivers\UsbHub3.sys 4FA9C956E569D0D380C2859542361780
C:\WINDOWS\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\WINDOWS\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\WINDOWS\System32\drivers\usbser.sys 913CFF365DB1803525DBD2AA8B8188B4
C:\WINDOWS\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\WINDOWS\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\WINDOWS\System32\Drivers\usbvideo.sys 68788AE61B2E6A7D97CAD73B632F5BF5
C:\WINDOWS\System32\drivers\USBXHCI.SYS 41E5A6188180DC72BCECA999ED2532D4
C:\WINDOWS\System32\drivers\vdrvroot.sys C77C537077822D8EA529AD4EBFD971D6
C:\WINDOWS\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\WINDOWS\System32\drivers\vhdmp.sys 9240C24121E3A581F8BC198413AEA06E
C:\WINDOWS\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\WINDOWS\System32\drivers\vmbus.sys 079B4378614A40A308F9C721A50C7B87
C:\WINDOWS\System32\drivers\VMBusHID.sys DC9E0600B356258E31403789119C78A9
C:\WINDOWS\System32\drivers\vmgid.sys B24F74B2710B66F647419697BDB9E163
C:\WINDOWS\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\WINDOWS\System32\drivers\volmgr.sys C9052650BBF2124CD525A26D5C2A6671
C:\WINDOWS\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\WINDOWS\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\WINDOWS\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\WINDOWS\System32\drivers\vpci.sys 702273C7C1BE9D366BAF1305D382F03C
C:\WINDOWS\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\WINDOWS\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\WINDOWS\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\WINDOWS\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\WINDOWS\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03
C:\WINDOWS\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\system32\drivers\wcifs.sys 520E4FD6B5BF5349DD1499F2AEFB7C50
C:\WINDOWS\system32\drivers\wcnfs.sys 9DE3FDFF295F2534DF0A8B6FC4F06355
C:\WINDOWS\System32\drivers\WdBoot.sys 6FD8F1FBED780A7F3DF329C834E52AC5
C:\WINDOWS\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\WINDOWS\System32\drivers\WdFilter.sys 7D182F0F227FC141C5D2085175BE05F6
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 2D50C46EFE924BC24F63A45D2DB1AA3A
C:\WINDOWS\System32\Drivers\WdNisDrv.sys 0D38C257A7B34A818726BA2F323B196E
C:\WINDOWS\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\WINDOWS\System32\drivers\wfplwfs.sys 8E101DF42D36E04EC610581BA478B38F
C:\WINDOWS\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 0484B0D01EA6F7017519EBDDBADE759D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\WINDOWS\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\WINDOWS\System32\drivers\winnat.sys EABEF39BBEEDB3845C36893931DADCD1
C:\WINDOWS\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6
C:\WINDOWS\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys 569FB3D619213F226CBB60F9CB8FE1BD
C:\WINDOWS\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935
C:\WINDOWS\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\WINDOWS\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\WINDOWS\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-22 06:03 - 2018-01-22 06:04 - 000031862 _____ C:\Users\pp\Desktop\FRST.txt
2018-01-22 06:03 - 2018-01-22 06:03 - 000000000 ____D C:\FRST
2018-01-22 06:02 - 2018-01-22 06:02 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-22 06:02 - 2018-01-22 06:02 - 000000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-01-22 06:02 - 2018-01-22 06:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-22 06:02 - 2018-01-22 06:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-22 05:25 - 2018-01-22 05:25 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-22 05:25 - 2018-01-22 05:25 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-22 05:25 - 2018-01-22 05:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-22 05:25 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-22 05:24 - 2018-01-22 05:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-22 05:24 - 2018-01-22 05:24 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-22 05:23 - 2018-01-22 05:25 - 000096112 _____ C:\TDSSKiller.3.1.0.15_22.01.2018_05.23.09_log.txt
2018-01-22 05:21 - 2018-01-22 05:22 - 000002466 _____ C:\Users\pp\Desktop\Rkill.txt
2018-01-22 05:21 - 2018-01-22 05:21 - 000000000 ____D C:\Users\pp\Desktop\rkill
2018-01-22 05:18 - 2018-01-22 05:16 - 083316440 _____ (Malwarebytes ) C:\Users\pp\Desktop\mb3-setup-1878.1878-3.3.1.2183.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 008206624 _____ (Malwarebytes) C:\Users\pp\Desktop\AdwCleaner.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 005660870 _____ (Swearware) C:\Users\pp\Desktop\ComboFix.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 004922400 _____ (AO Kaspersky Lab) C:\Users\pp\Desktop\tdsskiller.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 002393088 _____ (Farbar) C:\Users\pp\Desktop\FRST64.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\pp\Desktop\rkill.exe
2018-01-21 12:12 - 2018-01-21 12:12 - 000002946 _____ C:\Users\pp\Documents\].xml
2018-01-21 11:56 - 2018-01-21 11:56 - 000000000 ____D C:\Users\pp\AppData\Local\MicrosoftEdge
2018-01-21 10:53 - 2018-01-21 10:53 - 000000000 ____D C:\Users\pp\AppData\Local\Comms
2018-01-21 10:47 - 2018-01-21 10:47 - 000000000 ____D C:\Users\pp\AppData\Local\Microsoft_Corporation
2018-01-21 10:44 - 2018-01-21 10:44 - 000000000 ____D C:\Users\pp\AppData\Local\DBG
2018-01-21 10:39 - 2018-01-21 11:54 - 000000000 ___RD C:\Users\pp\OneDrive
2018-01-21 10:37 - 2018-01-21 10:37 - 000000000 ____D C:\ProgramData\USOShared
2018-01-21 10:37 - 2018-01-21 10:37 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-01-21 10:36 - 2018-01-21 10:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-21 10:36 - 2018-01-21 10:36 - 000000000 ____D C:\Users\pp\AppData\Local\Publishers
2018-01-21 10:35 - 2018-01-21 11:53 - 000862320 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-21 10:35 - 2018-01-21 10:53 - 000000000 ____D C:\Users\pp\AppData\Local\Packages
2018-01-21 10:35 - 2018-01-21 10:39 - 000000000 ____D C:\Users\pp
2018-01-21 10:35 - 2018-01-21 10:35 - 000000020 ___SH C:\Users\pp\ntuser.ini
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ___RD C:\Users\pp\3D Objects
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Roaming\Synaptics
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Roaming\Adobe
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Local\VirtualStore
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Local\ConnectedDevicesPlatform
2018-01-21 10:32 - 2017-09-29 05:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 _SHDL C:\Users\Default User
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 _SHDL C:\Users\All Users
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 _SHDL C:\Documents and Settings
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 ____D C:\ProgramData\Synaptics
2018-01-21 10:27 - 2018-01-21 10:27 - 000077175 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-01-21 10:27 - 2018-01-21 10:27 - 000003222 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_Session
2018-01-21 10:27 - 2018-01-21 10:27 - 000003194 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-01-21 10:27 - 2018-01-21 10:27 - 000002058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\ProgramData\SRS Labs
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\Program Files\Realtek
2018-01-21 10:26 - 2018-01-21 11:49 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-21 10:26 - 2018-01-21 11:49 - 000000000 ____D C:\Intel
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____D C:\Program Files\Intel
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____D C:\Program Files (x86)\Intel
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-01-21 10:26 - 2017-05-15 00:55 - 000103912 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-01-21 10:26 - 2017-05-15 00:55 - 000099816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-01-21 10:25 - 2018-01-22 05:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-21 10:25 - 2018-01-21 11:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-21 10:25 - 2018-01-21 10:25 - 000222832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-21 10:25 - 2018-01-21 10:25 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-01-21 10:12 - 2018-01-21 10:13 - 000000000 ____D C:\Windows.old
2018-01-21 10:12 - 2018-01-21 10:12 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-01-21 10:12 - 2018-01-21 10:12 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-01-21 10:11 - 2018-01-21 10:11 - 000000000 ____D C:\Program Files\Synaptics
2018-01-21 10:09 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\Setup
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\0409
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\OCR
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-01-21 10:02 - 2017-12-22 05:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-01-21 10:02 - 2017-12-22 05:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-21 09:59 - 2018-01-21 09:55 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-01-21 09:59 - 2018-01-21 09:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-01-21 09:59 - 2018-01-21 09:55 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-01-21 09:58 - 2018-01-22 06:02 - 000000000 ___RD C:\Program Files (x86)
2018-01-21 09:58 - 2018-01-21 10:53 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-21 09:58 - 2018-01-21 10:53 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-21 09:58 - 2018-01-21 10:37 - 000000000 ____D C:\ProgramData\USOPrivate
2018-01-21 09:58 - 2018-01-21 10:32 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-01-21 09:58 - 2018-01-21 10:32 - 000000000 ____D C:\WINDOWS\system32\spool
2018-01-21 09:58 - 2018-01-21 10:32 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-01-21 09:58 - 2018-01-21 10:29 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-01-21 09:58 - 2018-01-21 10:28 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-01-21 09:58 - 2018-01-21 10:28 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-01-21 09:58 - 2018-01-21 10:12 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\Program Files\Windows Defender
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\setup
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\com
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\IME
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\Help
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files\Common Files\system
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __RSD C:\WINDOWS\media
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __RHD C:\Users\Public\Libraries
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Web
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Vss
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\tracing
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\TAPI
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SystemResources
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SystemApps
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\ras
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\IME
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\ias
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\System
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SKB
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\security
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\schemas
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SchCache
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Resources
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\rescache
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Registration
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\PLA
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Performance
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\InputMethod
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Globalization
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Cursors
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Branding
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\appcompat
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\addins
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Windows Security
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\windows nt
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Common Files\Services
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-01-21 09:58 - 2018-01-21 09:55 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-01-21 09:58 - 2018-01-21 09:55 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-01-21 09:58 - 2018-01-21 09:55 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2018-01-21 09:58 - 2018-01-21 09:55 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-01-21 09:58 - 2018-01-21 09:55 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2018-01-21 09:58 - 2018-01-21 09:55 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-01-21 09:58 - 2018-01-21 09:55 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2018-01-21 09:58 - 2018-01-21 09:55 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-01-21 09:58 - 2018-01-21 09:55 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-01-21 09:58 - 2018-01-21 09:55 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2018-01-21 09:58 - 2018-01-21 09:55 - 000000219 _____ C:\WINDOWS\system.ini
2018-01-21 09:58 - 2018-01-21 09:55 - 000000092 _____ C:\WINDOWS\win.ini
2018-01-21 09:56 - 2018-01-22 05:40 - 000000000 ____D C:\WINDOWS\INF
2018-01-21 09:51 - 2018-01-21 11:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-21 09:49 - 2018-01-21 11:48 - 080216064 _____ C:\WINDOWS\system32\config\SYSTEM
2018-01-21 09:49 - 2018-01-21 11:48 - 070254592 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-01-21 09:49 - 2018-01-21 11:48 - 000262144 _____ C:\WINDOWS\system32\config\DEFAULT
2018-01-21 09:49 - 2018-01-21 11:48 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-01-21 09:49 - 2018-01-21 11:48 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2018-01-21 09:49 - 2018-01-21 10:31 - 000000000 ____D C:\WINDOWS\Panther
2018-01-21 09:49 - 2018-01-21 10:26 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-21 09:49 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\servicing
2018-01-21 09:49 - 2018-01-21 10:03 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2018-01-21 09:49 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-01-21 09:36 - 2018-01-21 10:13 - 000000000 ___HD C:\$SysReset
2018-01-16 14:11 - 2017-08-18 02:23 - 000055384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2018-01-16 14:11 - 2017-08-18 02:23 - 000053848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF.sys
2018-01-16 13:59 - 2018-01-01 04:50 - 005905752 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-16 13:59 - 2018-01-01 04:49 - 008605080 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-16 13:59 - 2018-01-01 04:48 - 007831760 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-16 13:59 - 2018-01-01 04:41 - 007676296 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-16 13:59 - 2018-01-01 04:38 - 003904808 ____N (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-16 13:59 - 2018-01-01 04:34 - 007385088 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-16 13:59 - 2018-01-01 04:23 - 021352144 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-16 13:59 - 2018-01-01 03:45 - 006092152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-16 13:59 - 2018-01-01 03:42 - 006479552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-16 13:59 - 2018-01-01 03:37 - 025247232 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-16 13:59 - 2018-01-01 03:24 - 003668480 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-16 13:59 - 2018-01-01 03:20 - 019337216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-16 13:59 - 2018-01-01 03:20 - 018917888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-16 13:59 - 2018-01-01 03:19 - 008014848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-16 13:59 - 2018-01-01 03:17 - 011923968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-16 13:59 - 2018-01-01 03:15 - 012687872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-16 13:59 - 2018-01-01 03:15 - 006029312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-16 13:59 - 2018-01-01 03:14 - 023655936 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-16 13:59 - 2018-01-01 03:13 - 013657600 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-16 13:59 - 2018-01-01 03:13 - 012830208 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 008108544 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 004748288 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 003165696 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-16 13:59 - 2017-12-07 14:10 - 006466048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-01-16 13:59 - 2017-12-07 14:02 - 007545344 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-01-16 13:59 - 2017-11-26 12:35 - 017084416 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-01-16 13:59 - 2017-11-26 12:32 - 021754368 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-01-16 13:59 - 2017-11-26 05:29 - 003010720 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-01-16 13:59 - 2017-11-26 05:29 - 002573208 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-01-16 13:59 - 2017-11-26 05:27 - 002446744 ____N (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-01-16 13:59 - 2017-11-26 05:23 - 001694224 ____N (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-01-16 13:59 - 2017-11-26 04:18 - 003186688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-01-16 13:59 - 2017-11-26 04:08 - 017159680 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-01-16 13:59 - 2017-11-26 04:04 - 002596352 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-01-16 13:59 - 2017-11-26 04:03 - 002783744 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-01-16 13:59 - 2017-11-26 03:59 - 004814848 ____N (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-01-16 13:59 - 2017-11-26 03:01 - 002339296 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-01-16 13:59 - 2017-11-26 02:36 - 013703168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-01-16 13:59 - 2017-11-26 02:28 - 004249600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-01-16 13:59 - 2017-11-18 23:35 - 003331520 ____N C:\WINDOWS\system32\Windows.Mirage.dll
2018-01-16 13:59 - 2017-11-18 18:20 - 002491112 ____N C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-01-16 13:59 - 2017-10-24 20:27 - 006791472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-01-16 13:59 - 2017-10-24 20:20 - 002717392 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-01-16 13:59 - 2017-10-24 19:22 - 006015200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-01-16 13:59 - 2017-10-24 19:22 - 002465848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-01-16 13:59 - 2017-10-24 19:13 - 002972672 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-01-16 13:59 - 2017-10-09 22:49 - 001554216 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-01-16 13:58 - 2018-01-01 09:15 - 000956416 ____N (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-16 13:58 - 2018-01-01 04:54 - 000924648 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-16 13:58 - 2018-01-01 04:53 - 001090984 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-16 13:58 - 2018-01-01 04:52 - 000066712 ____N (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-16 13:58 - 2018-01-01 04:51 - 001414784 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-16 13:58 - 2018-01-01 04:51 - 001209240 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-16 13:58 - 2018-01-01 04:51 - 001055128 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-16 13:58 - 2018-01-01 04:51 - 000191816 ____N (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-16 13:58 - 2018-01-01 04:51 - 000059800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-16 13:58 - 2018-01-01 04:50 - 000780464 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-16 13:58 - 2018-01-01 04:50 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-16 13:58 - 2018-01-01 04:50 - 000077208 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-16 13:58 - 2018-01-01 04:49 - 000599448 ____N (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-16 13:58 - 2018-01-01 04:49 - 000319352 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-16 13:58 - 2018-01-01 04:49 - 000292376 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-16 13:58 - 2018-01-01 04:48 - 001954048 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-16 13:58 - 2018-01-01 04:48 - 000382360 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-16 13:58 - 2018-01-01 04:47 - 000649304 ____N (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-16 13:58 - 2018-01-01 04:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-16 13:58 - 2018-01-01 04:46 - 002709704 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-16 13:58 - 2018-01-01 04:46 - 000898216 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-16 13:58 - 2018-01-01 04:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-16 13:58 - 2018-01-01 04:46 - 000471960 ____N (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-16 13:58 - 2018-01-01 04:45 - 002395032 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-16 13:58 - 2018-01-01 04:45 - 001277848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-16 13:58 - 2018-01-01 04:45 - 000398744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-16 13:58 - 2018-01-01 04:43 - 001173576 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-16 13:58 - 2018-01-01 04:43 - 000367336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-16 13:58 - 2018-01-01 04:43 - 000062872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-16 13:58 - 2018-01-01 04:42 - 001029016 ____N (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-16 13:58 - 2018-01-01 04:42 - 000494488 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000184984 ____N (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-16 13:58 - 2018-01-01 04:41 - 000559512 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-16 13:58 - 2018-01-01 04:41 - 000549552 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-16 13:58 - 2018-01-01 04:40 - 001206680 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-16 13:58 - 2018-01-01 04:39 - 000902416 ____N (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-16 13:58 - 2018-01-01 04:39 - 000677784 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-16 13:58 - 2018-01-01 04:39 - 000508264 ____N (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-16 13:58 - 2018-01-01 04:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-16 13:58 - 2018-01-01 04:39 - 000129432 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000727448 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000519152 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-16 13:58 - 2018-01-01 04:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000038808 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-16 13:58 - 2018-01-01 04:37 - 001426664 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-16 13:58 - 2018-01-01 04:37 - 000461720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-16 13:58 - 2018-01-01 04:36 - 000413888 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-16 13:58 - 2018-01-01 04:36 - 000374032 ____N (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-16 13:58 - 2018-01-01 04:36 - 000166296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-16 13:58 - 2018-01-01 04:36 - 000113560 ____N (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-16 13:58 - 2018-01-01 04:36 - 000057752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-16 13:58 - 2018-01-01 04:35 - 001170008 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-16 13:58 - 2018-01-01 04:35 - 000075160 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 001336344 ____N (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 000260896 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 000087384 ____N (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-16 13:58 - 2018-01-01 04:33 - 002773400 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-16 13:58 - 2018-01-01 04:33 - 000603920 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-16 13:58 - 2018-01-01 04:32 - 004481240 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-16 13:58 - 2018-01-01 04:32 - 000617304 ____N (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-16 13:58 - 2018-01-01 04:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-16 13:58 - 2018-01-01 04:27 - 000163736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-16 13:58 - 2018-01-01 04:26 - 000428952 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-16 13:58 - 2018-01-01 04:26 - 000081304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-16 13:58 - 2018-01-01 04:25 - 000615768 ____N (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-16 13:58 - 2018-01-01 04:25 - 000147864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-16 13:58 - 2018-01-01 04:21 - 001103768 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-16 13:58 - 2018-01-01 04:21 - 000614296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-16 13:58 - 2018-01-01 04:06 - 000311192 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000777904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000650328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-16 13:58 - 2018-01-01 04:03 - 000566664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000123512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-16 13:58 - 2018-01-01 03:53 - 001615712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-16 13:58 - 2018-01-01 03:49 - 000481464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-16 13:58 - 2018-01-01 03:49 - 000258808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-16 13:58 - 2018-01-01 03:46 - 003485392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-16 13:58 - 2018-01-01 03:46 - 000289816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 005615968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 002192624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 000450928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-16 13:58 - 2018-01-01 03:43 - 020286120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 004644912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 001246432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 001003152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000982528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000386424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000129184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000074992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-16 13:58 - 2018-01-01 03:34 - 000703568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 002905600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-16 13:58 - 2018-01-01 03:25 - 001008640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000475648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000097792 ____N C:\WINDOWS\system32\runexehelper.exe
2018-01-16 13:58 - 2018-01-01 03:24 - 000240640 ____N (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000202240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000096256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000038912 ____N (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 001313792 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000561152 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-16 13:58 - 2018-01-01 03:23 - 000250368 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000232960 ____N (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-16 13:58 - 2018-01-01 03:23 - 000121344 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000080384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-16 13:58 - 2018-01-01 03:23 - 000047104 ____N (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-16 13:58 - 2018-01-01 03:22 - 000031744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-16 13:58 - 2018-01-01 03:22 - 000025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-16 13:58 - 2018-01-01 03:22 - 000017408 ____N (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000268288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000233984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000080896 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000062976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000524288 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000459776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000397824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000225792 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000215552 ____N (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000212992 ____N (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000204288 ____N (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000186368 ____N (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000175616 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000134656 ____N (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000104960 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000082432 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000035328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000795136 ____N (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000675328 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000461312 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000450048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000430080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000416768 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-16 13:58 - 2018-01-01 03:19 - 000369152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000365568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000340480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-16 13:58 - 2018-01-01 03:19 - 000334848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000316928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-16 13:58 - 2018-01-01 03:19 - 000188416 ____N (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000174592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000149504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000142848 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000097792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000093696 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000079872 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000073216 ____N (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-16 13:58 - 2018-01-01 03:19 - 000063488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000043008 ____N (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000748032 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000699904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000465920 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000436224 ____N (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000431616 ____N (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000427008 ____N (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000425984 ____N (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000391168 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000380928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000374784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000369664 ____N (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000343040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000276480 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000261632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000210944 ____N (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000144896 ____N (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000082944 ____N (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 006564864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 001485312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000791552 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000616960 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000594432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000568832 ____N (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000559104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000555520 ____N (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000542208 ____N (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000423936 ____N (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000341504 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000228352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-16 13:58 - 2018-01-01 03:17 - 000112640 ____N (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 005833216 ____N (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 004839424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 003676672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000966656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000956928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000831488 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000815616 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000812544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000720896 ____N (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000668160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000664576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000624128 ____N (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000594944 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000463360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000401920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000235008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000086528 ____N (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000076288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 002349568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 001657856 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 001245184 ____N (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000970240 ____N (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000951808 ____N (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000756736 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000434176 ____N (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000258560 ____N (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 002465280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001495040 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001097728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001003008 ____N (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000985600 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000917504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000870912 ____N (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 003121664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 002869760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 002013184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-16 13:58 - 2018-01-01 03:13 - 001559552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 001474560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 000897024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 002633216 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 002208768 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001573376 ____N (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001547776 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001424896 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 000760320 ____N (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-16 13:58 - 2018-01-01 03:12 - 000464384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 003334144 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 002082304 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-16 13:58 - 2018-01-01 03:11 - 001822208 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001816576 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001597952 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001343488 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001231872 ____N (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000880640 ____N (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000812032 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000715776 ____N (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-16 13:58 - 2018-01-01 03:10 - 003126272 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-16 13:58 - 2018-01-01 03:10 - 002528256 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-16 13:58 - 2018-01-01 03:10 - 000012800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 001487872 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000925184 ____N (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000666624 ____N (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000599552 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000963072 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000726016 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-16 13:58 - 2018-01-01 03:08 - 000685056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000505344 ____N (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-16 13:58 - 2018-01-01 03:06 - 000018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 002510848 ____N (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 001160704 ____N (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 000050176 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-16 13:58 - 2017-12-07 22:52 - 000666112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-01-16 13:58 - 2017-12-07 15:34 - 001925296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-01-16 13:58 - 2017-12-07 15:34 - 001634288 ____N (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-01-16 13:58 - 2017-12-07 15:28 - 000710912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-01-16 13:58 - 2017-12-07 15:28 - 000630752 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2018-01-16 13:58 - 2017-12-07 15:27 - 004504456 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-01-16 13:58 - 2017-12-07 15:26 - 000525208 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-01-16 13:58 - 2017-12-07 15:24 - 000705944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-01-16 13:58 - 2017-12-07 15:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-01-16 13:58 - 2017-12-07 15:24 - 000246168 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 001003104 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 000979352 ____N (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 000137544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-01-16 13:58 - 2017-12-07 15:16 - 001776272 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-01-16 13:58 - 2017-12-07 15:15 - 000721592 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-01-16 13:58 - 2017-12-07 15:12 - 000401304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2018-01-16 13:58 - 2017-12-07 14:56 - 001528904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-01-16 13:58 - 2017-12-07 14:55 - 001490328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-01-16 13:58 - 2017-12-07 14:55 - 000097144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-01-16 13:58 - 2017-12-07 14:37 - 001145104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-01-16 13:58 - 2017-12-07 14:36 - 000769096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2018-01-16 13:58 - 2017-12-07 14:33 - 000747416 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-01-16 13:58 - 2017-12-07 14:33 - 000592280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-01-16 13:58 - 2017-12-07 14:31 - 001522176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-01-16 13:58 - 2017-12-07 14:12 - 000101376 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2018-01-16 13:58 - 2017-12-07 14:10 - 000150528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-01-16 13:58 - 2017-12-07 14:10 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 001663488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 000235520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 000147456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-01-16 13:58 - 2017-12-07 14:09 - 000143360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-01-16 13:58 - 2017-12-07 14:09 - 000136704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000514560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000206336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000254976 ____N (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000246272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000172544 ____N (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-01-16 13:58 - 2017-12-07 14:06 - 000676352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-01-16 13:58 - 2017-12-07 14:06 - 000174080 ____N (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2018-01-16 13:58 - 2017-12-07 14:06 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-01-16 13:58 - 2017-12-07 14:05 - 001670656 ____N (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000559616 ____N (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000539136 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000481792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000363008 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000306688 ____N (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000222208 ____N (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-01-16 13:58 - 2017-12-07 14:05 - 000019456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2018-01-16 13:58 - 2017-12-07 14:04 - 001498112 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-01-16 13:58 - 2017-12-07 14:04 - 001321472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 001230848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000841728 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000308736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000085504 ____N (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 002864640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 002117632 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 000496640 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 004592640 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 001980928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 000601088 ____N (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 000021504 ____N (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2018-01-16 13:58 - 2017-12-07 14:00 - 001509888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-01-16 13:58 - 2017-12-07 13:59 - 002105856 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-01-16 13:58 - 2017-12-07 13:59 - 001666048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-01-16 13:58 - 2017-12-07 13:59 - 001058304 ____N (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 003478016 ____N (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 003211776 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 001353728 ____N (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-01-16 13:58 - 2017-12-07 13:56 - 002666496 ____N (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2018-01-16 13:58 - 2017-12-07 13:56 - 001739264 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-01-16 13:58 - 2017-12-07 13:54 - 001570816 ____N (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-01-16 13:58 - 2017-11-26 12:15 - 000882688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-01-16 13:58 - 2017-11-26 08:43 - 000618496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-01-16 13:58 - 2017-11-26 05:45 - 001642520 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-01-16 13:58 - 2017-11-26 05:45 - 000264040 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-01-16 13:58 - 2017-11-26 05:45 - 000198888 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-01-16 13:58 - 2017-11-26 05:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-01-16 13:58 - 2017-11-26 05:38 - 001636376 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-01-16 13:58 - 2017-11-26 05:32 - 000373656 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-01-16 13:58 - 2017-11-26 05:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-01-16 13:58 - 2017-11-26 05:30 - 001488792 ____N (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000891800 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-01-16 13:58 - 2017-11-26 05:29 - 000840440 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000749976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-01-16 13:58 - 2017-11-26 05:29 - 000703536 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000436120 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 001259344 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 001012120 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 000495000 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-01-16 13:58 - 2017-11-26 05:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-01-16 13:58 - 2017-11-26 05:27 - 002412168 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-16 13:58 - 2017-11-26 05:27 - 000464408 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-01-16 13:58 - 2017-11-26 05:27 - 000230296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-01-16 13:58 - 2017-11-26 05:26 - 000048112 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-01-16 13:58 - 2017-11-26 05:23 - 001054280 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-01-16 13:58 - 2017-11-26 05:23 - 000754688 ____N (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-01-16 13:58 - 2017-11-26 05:22 - 000404888 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-01-16 13:58 - 2017-11-26 05:21 - 001585376 ____N (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-01-16 13:58 - 2017-11-26 05:21 - 000654048 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-01-16 13:58 - 2017-11-26 04:57 - 001664000 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 001289216 ____N (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000329728 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000301056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000211456 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-01-16 13:58 - 2017-11-26 04:55 - 000175104 ____N (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000084992 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-01-16 13:58 - 2017-11-26 04:54 - 000327680 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-01-16 13:58 - 2017-11-26 04:54 - 000092160 ____N (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-16 13:58 - 2017-11-26 04:47 - 002890240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-01-16 13:58 - 2017-11-26 04:43 - 000239104 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000169472 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000168448 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000041472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2018-01-16 13:58 - 2017-11-26 04:35 - 000170496 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2018-01-16 13:58 - 2017-11-26 04:35 - 000057856 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-01-16 13:58 - 2017-11-26 04:34 - 000126464 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2018-01-16 13:58 - 2017-11-26 04:33 - 000361984 ____N (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2018-01-16 13:58 - 2017-11-26 04:31 - 000529408 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-01-16 13:58 - 2017-11-26 04:31 - 000115200 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-01-16 13:58 - 2017-11-26 04:29 - 000474112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2018-01-16 13:58 - 2017-11-26 04:29 - 000238080 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-01-16 13:58 - 2017-11-26 04:28 - 000394752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-01-16 13:58 - 2017-11-26 04:26 - 000830464 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2018-01-16 13:58 - 2017-11-26 04:26 - 000770048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-01-16 13:58 - 2017-11-26 04:26 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 001425408 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000516096 ____N (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000354304 ____N (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000292864 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000266752 ____N (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-01-16 13:58 - 2017-11-26 04:19 - 001167360 ____N (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-01-16 13:58 - 2017-11-26 04:19 - 000887296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-01-16 13:58 - 2017-11-26 04:19 - 000059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2018-01-16 13:58 - 2017-11-26 04:18 - 000556544 ____N (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-01-16 13:58 - 2017-11-26 04:17 - 001054720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-01-16 13:58 - 2017-11-26 04:05 - 000462336 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-01-16 13:58 - 2017-11-26 04:04 - 003578368 ____N (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-01-16 13:58 - 2017-11-26 04:03 - 004772352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-01-16 13:58 - 2017-11-26 04:00 - 000899584 ____N (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-01-16 13:58 - 2017-11-26 03:59 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-01-16 13:58 - 2017-11-26 03:58 - 000151040 ____N (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2018-01-16 13:58 - 2017-11-26 03:48 - 000534528 ____N (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2018-01-16 13:58 - 2017-11-26 03:48 - 000079360 ____N (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2018-01-16 13:58 - 2017-11-26 03:21 - 001474680 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-01-16 13:58 - 2017-11-26 03:21 - 001432816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-01-16 13:58 - 2017-11-26 03:02 - 001124760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000791960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-01-16 13:58 - 2017-11-26 03:01 - 000746904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000590944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000506256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000354200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-01-16 13:58 - 2017-11-26 03:00 - 001990160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-16 13:58 - 2017-11-26 03:00 - 000353848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-01-16 13:58 - 2017-11-26 02:58 - 001148216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-01-16 13:58 - 2017-11-26 02:58 - 001057824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-01-16 13:58 - 2017-11-26 02:51 - 001558856 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-01-16 13:58 - 2017-11-26 02:51 - 000661664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 002393600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 001470976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000372224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000065536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-16 13:58 - 2017-11-26 02:40 - 000160256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-01-16 13:58 - 2017-11-26 02:38 - 000271872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2018-01-16 13:58 - 2017-11-26 02:37 - 000098304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000444928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000351232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000315392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000557056 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000293888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000242176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-01-16 13:58 - 2017-11-26 02:31 - 000660480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-01-16 13:58 - 2017-11-26 02:31 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-01-16 13:58 - 2017-11-26 02:30 - 004385280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-01-16 13:58 - 2017-11-26 02:30 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-01-16 13:58 - 2017-11-26 02:29 - 000823808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-01-16 13:58 - 2017-11-26 02:24 - 000614912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2018-01-16 13:58 - 2017-11-26 02:24 - 000068096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2018-01-16 13:58 - 2017-10-25 01:11 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2018-01-16 13:58 - 2017-10-24 20:41 - 000362176 ____N (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2018-01-16 13:58 - 2017-10-24 20:40 - 000612760 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-01-16 13:58 - 2017-10-24 20:40 - 000269696 ____N C:\WINDOWS\system32\FaceProcessorCore.dll
2018-01-16 13:58 - 2017-10-24 20:39 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2018-01-16 13:58 - 2017-10-24 20:37 - 000610712 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-01-16 13:58 - 2017-10-24 20:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-01-16 13:58 - 2017-10-24 20:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-01-16 13:58 - 2017-10-24 20:29 - 002269080 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 20:29 - 001507736 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-01-16 13:58 - 2017-10-24 20:27 - 001970520 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001454568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001377080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001015008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000975872 ____N C:\WINDOWS\system32\FaceProcessor.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000135168 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000095744 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-01-16 13:58 - 2017-10-24 19:16 - 000227328 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-01-16 13:58 - 2017-10-24 19:16 - 000114688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2018-01-16 13:58 - 2017-10-24 19:14 - 000046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2018-01-16 13:58 - 2017-10-24 19:12 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-01-16 13:58 - 2017-10-24 19:11 - 000768512 ____N (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-01-16 13:58 - 2017-10-24 19:09 - 001806336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-01-16 13:58 - 2017-10-24 19:08 - 000654848 ____N (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2018-01-16 13:58 - 2017-10-24 19:08 - 000487424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-01-16 13:58 - 2017-10-24 19:07 - 000064512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2018-01-16 13:58 - 2017-10-24 19:05 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2018-01-16 13:58 - 2017-10-24 19:04 - 000124928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2018-01-16 13:58 - 2017-10-24 19:04 - 000041984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2018-01-16 13:58 - 2017-10-24 19:02 - 000591872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-01-16 13:58 - 2017-10-24 18:58 - 001280000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2018-01-16 13:58 - 2017-10-24 18:54 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2018-01-16 13:58 - 2017-10-19 21:08 - 000339968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-01-16 13:58 - 2017-10-09 23:11 - 000739696 ____N (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-01-16 13:58 - 2017-10-09 22:54 - 001463856 ____N (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-01-16 13:58 - 2017-10-09 22:49 - 000060824 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2018-01-16 13:58 - 2017-10-09 22:43 - 000418712 ____N (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2018-01-16 13:58 - 2017-10-09 22:31 - 001323840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-01-16 13:58 - 2017-10-09 22:11 - 000597160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-01-16 13:58 - 2017-10-09 22:07 - 001261864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-01-16 13:58 - 2017-10-09 22:06 - 000353688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2018-01-16 13:58 - 2017-10-09 21:43 - 000566272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2018-01-16 13:58 - 2017-10-09 21:43 - 000070656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2018-01-16 13:58 - 2017-10-09 21:42 - 000326144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2018-01-16 13:58 - 2017-10-09 21:34 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-01-16 13:58 - 2017-10-09 21:34 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-01-16 13:58 - 2017-10-09 21:33 - 000086016 ____N (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2018-01-16 13:58 - 2017-10-09 21:33 - 000058880 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2018-01-16 13:58 - 2017-10-09 21:31 - 000665088 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2018-01-16 13:58 - 2017-10-09 21:31 - 000478208 ____N (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2018-01-16 13:58 - 2017-10-09 21:30 - 000442880 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2018-01-16 13:58 - 2017-10-09 21:24 - 000285696 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-01-16 13:58 - 2017-10-03 14:42 - 000640512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2018-01-16 13:58 - 2017-10-03 14:42 - 000008704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2018-01-16 12:47 - 2016-01-05 17:50 - 000328920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2018-01-16 12:47 - 2015-12-18 10:06 - 004330200 _____ (TODO: <Company name>) C:\WINDOWS\RtCRU64.exe
2018-01-16 12:47 - 2014-10-20 17:50 - 000083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2018-01-16 12:47 - 2014-01-27 13:39 - 009890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 001804688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01011.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 001392792 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\esif_uf.exe
2018-01-16 12:42 - 2015-10-30 02:32 - 000971944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 000668840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 000260072 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\esif_lf.sys
2018-01-16 12:42 - 2015-10-30 02:31 - 000055784 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_acpi.sys
2018-01-16 12:42 - 2015-10-30 02:31 - 000052200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_cpu.sys
2017-11-09 01:55 - 2017-11-09 01:55 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000532368 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000166192 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 003410320 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 003121112 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000986992 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-11-09 01:45 - 2017-11-09 01:45 - 000866632 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 003562432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 003509192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 001351232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 001016920 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000691672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000526280 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000387304 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000321704 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000088336 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-11-09 01:34 - 2017-11-09 01:34 - 001617728 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-11-09 01:34 - 2017-11-09 01:34 - 001529128 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-11-09 01:33 - 2017-11-09 01:33 - 000609384 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-11-09 01:33 - 2017-11-09 01:33 - 000115120 _____ (Conexant System, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-11-09 01:27 - 2017-11-09 01:27 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-11-09 01:27 - 2017-11-09 01:27 - 003205592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-11-09 01:27 - 2017-11-09 01:27 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-11-09 01:26 - 2017-11-09 01:26 - 072520704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-11-09 01:26 - 2017-11-09 01:26 - 006033832 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-11-09 01:26 - 2017-11-09 01:26 - 002922976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-11-09 01:26 - 2017-11-09 01:26 - 000023680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-11-09 01:25 - 2017-11-09 01:25 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-11-09 01:01 - 2017-11-09 01:01 - 014848602 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-11-09 01:01 - 2017-11-09 01:01 - 000005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-11-09 01:01 - 2017-11-09 01:01 - 000003780 _____ C:\WINDOWS\system32\cxapo.prop

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{4a678cf4-fb02-11e7-95eb-806e6f6e6963}
{4a678cf3-fb02-11e7-95eb-806e6f6e6963}
timeout 20

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {abb9ba91-fed6-11e7-bb9e-ed071e87330a}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0

Firmware Application (101fffff)
-------------------------------
identifier {4a678cf3-fb02-11e7-95eb-806e6f6e6963}
description EFI USB Device

Firmware Application (101fffff)
-------------------------------
identifier {4a678cf4-fb02-11e7-95eb-806e6f6e6963}
description Internal Hard Disk or Solid State Disk

Windows Boot Loader
-------------------
identifier {254aa7c9-f984-11e7-b26a-ce11479db281}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{254aa7ca-f984-11e7-b26a-ce11479db281}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride PushButtonReset
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{254aa7ca-f984-11e7-b26a-ce11479db281}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {254aa7c9-f984-11e7-b26a-ce11479db281}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {abb9ba91-fed6-11e7-bb9e-ed071e87330a}
nx OptIn
bootmenupolicy Standard

Resume from Hibernate
---------------------
identifier {abb9ba91-fed6-11e7-bb9e-ed071e87330a}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {254aa7c9-f984-11e7-b26a-ce11479db281}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {254aa7ca-f984-11e7-b26a-ce11479db281}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi


LastRegBack: 2018-01-21 10:25

==================== End of FRST.txt ============================

#6 SomeTiredPerson

SomeTiredPerson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 22 January 2018 - 09:36 AM

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/22/2018 05:21:34 AM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Active Proxy Server Detected

* Proxy Disabled.
* ProxyOverride value deleted.
* ProxyServer value deleted.
* AutoConfigURL value deleted.
* Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

* No issues found in the Registry.

Backup Registry file created at:
C:\Users\pp\Desktop\rkill\rkill-01-22-2018-05-21-40.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/22/2018 05:22:00 AM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)



Users shortcut scan result (x64) Version: 21.01.2018
Ran by pp (22-01-2018 06:05:55)
Running from C:\Users\pp\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\pp\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\pp\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\pp\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\pp\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\pp\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\pp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\Links\Desktop.lnk -> C:\Users\pp\Desktop ()
Shortcut: C:\Users\pp\Links\Downloads.lnk -> C:\Users\pp\Downloads ()
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) -> /LAUNCH_BY_STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () -> /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\pp\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\Users\pp\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== End of Shortcut.txt =============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by pp (22-01-2018 06:05:31)
Running from C:\Users\pp\Desktop
Windows 10 Home Version 1709 16299.192 (X64) (2018-01-21 18:31:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3542715463-485064358-3187586401-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3542715463-485064358-3187586401-503 - Limited - Disabled)
Guest (S-1-5-21-3542715463-485064358-3187586401-501 - Limited - Disabled)
pp (S-1-5-21-3542715463-485064358-3187586401-1001 - Administrator - Enabled) => C:\Users\pp
WDAGUtilityAccount (S-1-5-21-3542715463-485064358-3187586401-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.29092 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3542715463-485064358-3187586401-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\pp\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3542715463-485064358-3187586401-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\pp\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3542715463-485064358-3187586401-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\pp\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {7D527D1A-0942-47C0-BB18-D11004D5AD35} - System32\Tasks\RtHDVBg_Session => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-11-09] (Realtek Semiconductor)
Task: {BD7F36FA-EBD4-4ED7-94EF-31AC5F4DA65D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2017-11-09] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-16 13:59 - 2017-11-26 04:23 - 011044864 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-01-16 13:59 - 2017-11-26 04:01 - 001804288 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-22 05:25 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 010628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 000766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-01-21 09:58 - 2018-01-21 09:55 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3542715463-485064358-3187586401-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3542715463-485064358-3187586401-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{68F56392-D39D-4E95-A6D6-6026BF6608BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{01C4FF4A-B125-4EEF-AA7B-2EAC9BD1A39E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2018 04:18:22 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8db63db6-4f8f-46d6-a448-66444faaaa72;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/21/2018 11:50:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8db63db6-4f8f-46d6-a448-66444faaaa72;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/21/2018 11:47:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 10.0.16299.15, time stamp: 0x5098c662
Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x6dead514
Exception code: 0xc0000409
Fault offset: 0x0000000000090d8f
Faulting process id: 0x1fd8
Faulting application start time: 0x01d392e92e26e55a
Faulting application path: C:\WINDOWS\system32\mmc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: cc4c2bac-4e46-4373-b8c2-4e488837294e
Faulting package full name:
Faulting package-relative application ID:

Error: (01/21/2018 10:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.16299.15, time stamp: 0x7640753d
Faulting module name: CoreUIComponents.dll, version: 10.0.16299.15, time stamp: 0x35d247d6
Exception code: 0xc0000005
Fault offset: 0x000000000008e1f4
Faulting process id: 0x994
Faulting application start time: 0x01d392e6e971df05
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
Report Id: 0a6e3cfd-2fc6-4a1e-8211-43a05d3c2f37
Faulting package full name: windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (01/22/2018 04:21:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/22/2018 04:18:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/22/2018 04:18:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 11:49:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 11:49:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N3060 @ 1.60GHz
Percentage of memory in use: 39%
Total physical RAM: 4001.58 MB
Available physical RAM: 2421.55 MB
Total Virtual: 5409.58 MB
Available Virtual: 3741.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:28.52 GB) (Free:12.53 GB) NTFS
Drive d: () (Removable) (Total:29.16 GB) (Free:29.03 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 29.1 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 29.2 GB) (Disk ID: 7355745B)
Partition 1: (Not Active) - (Size=29.2 GB) - (Type=0C)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by pp (administrator) on DESKTOP-JVRUI6V (22-01-2018 06:03:56)
Running from C:\Users\pp\Desktop
Loaded Profiles: pp (Available Profiles: pp)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ManualProxies: 1198.168.0.1:80

Internet Explorer:
==================

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373696 2017-05-15] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-11-09] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7407040 2017-05-15] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-22] (Malwarebytes)
R1 MpKsl1878536b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl1878536b.sys [44928 2018-01-21] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7647232 2017-10-17] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [328920 2016-01-05] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [53848 2017-08-18] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys 08312DEEF0D3F8647AA53AD90A69094E
C:\WINDOWS\System32\drivers\3ware.sys 645009E711BBF117CCEE917A03FB0CDD
C:\WINDOWS\System32\drivers\ACPI.sys 69481E5474C7E61CDB3FE6A8A0F3B1B4
C:\WINDOWS\System32\drivers\AcpiDev.sys 44EA35A4B397898A83BF1B9B4B8DAE35
C:\WINDOWS\System32\Drivers\acpiex.sys 91D113A1532B8AB1E25B7DE5AB3C2F83
C:\WINDOWS\System32\drivers\acpipagr.sys 620BB2682BA625DF037072D89F44F6EE
C:\WINDOWS\System32\drivers\acpipmi.sys B9805A3C479390CEAEA5AEF5E4A90A2E
C:\WINDOWS\System32\drivers\acpitime.sys ABD4EB55C661143B015BD0B9B47B235C
C:\WINDOWS\System32\drivers\ADP80XX.SYS 8C58BD711FAD5F11E8CFDBC5CED973A5
C:\WINDOWS\system32\drivers\afd.sys 7AE4EBDC221235BF9E1008B515C0B8DB
C:\WINDOWS\System32\DRIVERS\ahcache.sys 56166D110D3ECFFC595E5FA02D9BA491
C:\WINDOWS\System32\drivers\amdk8.sys 62619E31AFF88F906A7E793AC4A9FF51
C:\WINDOWS\System32\drivers\amdppm.sys 735142DD039BEB35632765C41FC6E397
C:\WINDOWS\System32\drivers\amdsata.sys F1C16AABA27E9E153AEC7BD2AB853F30
C:\WINDOWS\System32\drivers\amdsbs.sys C834D0F1ECB8473E9E6D18EE1BCEECB2
C:\WINDOWS\System32\drivers\amdxata.sys 49203D2FFE30CBB36BE66A0E70F3D954
C:\WINDOWS\System32\drivers\appid.sys 3692C75C47285D388C886D162F54C430
C:\WINDOWS\System32\drivers\applockerfltr.sys 1E085E2302D568F0CE041732B3E887B0
C:\WINDOWS\System32\drivers\arcsas.sys B42C83DE28776B80DBA1310C56DD4F74
C:\WINDOWS\System32\drivers\asyncmac.sys C2151380227CD1F7DDA2401C1F151367
C:\WINDOWS\System32\drivers\atapi.sys 6191B9B2EE0E8CB957C683B9B341CC86
C:\WINDOWS\System32\drivers\bxvbda.sys A921805C1ED3253DF48FCA4D724173EB
C:\WINDOWS\System32\drivers\bam.sys 763CF81762483E244BAEB83DEFFC53F3
C:\WINDOWS\System32\drivers\BasicDisplay.sys 2A7267AA15E508F6D05A5B562F1FD1CE
C:\WINDOWS\System32\drivers\BasicRender.sys 2E1EE0F10FAF1250D1AC05BFB0E6BD3D
C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7
C:\Windows\System32\Drivers\Beep.sys EDDAA3A563E7EB71C991FE91249C7D81
C:\WINDOWS\System32\DRIVERS\bowser.sys D030A1203680D66716F4E74053468627
C:\WINDOWS\System32\drivers\BthAvrcpTg.sys A4863B7B1F0DB513D6E34547BACC211A
C:\WINDOWS\System32\drivers\BthEnum.sys 82BD96D56574231AD0E9BBF293EA2E7F
C:\WINDOWS\System32\drivers\bthhfenum.sys 9C9EE272C11252C651C5DE6A1AC1EDAA
C:\WINDOWS\System32\drivers\BthHFHid.sys 69734E386826ED857C889330F35B4D9C
C:\WINDOWS\system32\DRIVERS\bthl2cap.sys 338B8D45C7DFB03DB7957188E16C9661
C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys 47BF82E2A6D11279C8501E08518AB835
C:\WINDOWS\System32\drivers\bthmodem.sys A94AFAEA86F5F792BB4ECA095B231464
C:\WINDOWS\System32\drivers\bthpan.sys 4F58D8C265FFA943878CF7F922432847
C:\WINDOWS\system32\DRIVERS\BTHport.sys D970480A59C314CC344118D7B185D7E6
C:\WINDOWS\system32\DRIVERS\BTHUSB.sys 55C836530A9602255BFB4F5D9DA2B737
C:\WINDOWS\System32\drivers\bttflt.sys 39E7437FC59CDD7A303ABD514E462E8B
C:\WINDOWS\System32\drivers\buttonconverter.sys 522888590B0C19BC8128119060AE7901
C:\WINDOWS\System32\drivers\CAD.sys 2AB01CE5E233A6FBA3E91BD57772AA4B
C:\WINDOWS\System32\drivers\capimg.sys F6F97879F53AD57194C6BC8272FD73EA
C:\WINDOWS\System32\DRIVERS\cdfs.sys 9E82A95D77AC78C84BA75FF896B060BF
C:\WINDOWS\System32\drivers\cdrom.sys 6D83565C1652E80447EDEA6947FA89D7
C:\WINDOWS\System32\drivers\cht4sx64.sys D81954CE5E016FD716EDDB2B2FD9BA58
C:\WINDOWS\System32\drivers\cht4vx64.sys F9A8570805807FFD66488F0A858E1308
C:\WINDOWS\System32\drivers\circlass.sys 9798D58461706930190F1F2F6BF21D80
C:\WINDOWS\System32\drivers\cldflt.sys 3B5973C9D50DE90CEB6D7DC85216AA86
C:\WINDOWS\System32\drivers\CLFS.sys 59D46CE57A49353A733D162DBA65A4FA
C:\WINDOWS\System32\drivers\CmBatt.sys 2BA3BA38B5A6A667B0EAEC477276707B
C:\WINDOWS\System32\Drivers\cng.sys B3CC988A9D8B8EC66ED2B7B7B3413652
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys C65AF00EF12A1755E7CA370B0C71935D
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys A50300498D56B2448F3593D25478D508
C:\WINDOWS\System32\drivers\condrv.sys 65602B0DB49199647FECB2D1212147BE
C:\WINDOWS\System32\drivers\dam.sys 72BE43ABD786E86AAE7EA2193201E100
C:\WINDOWS\System32\Drivers\dfsc.sys 9910E9CFF5ECDCB225F82E72CE9DE459
C:\WINDOWS\System32\drivers\disk.sys 811173C821171BB910219E53C7FD97AD
C:\WINDOWS\System32\drivers\dmvsc.sys 569FE16775E15A49DC904DE20BF8CAA0
C:\WINDOWS\System32\drivers\dptf_acpi.sys 225C4E9280B2AE38DCAA5E2FEFC437C2
C:\WINDOWS\System32\drivers\dptf_cpu.sys 4DD17AA07FA0A75E79B47E5B7F18964D
C:\WINDOWS\System32\drivers\drmkaud.sys F4800922F4ABA619585CE320A72E6389
C:\WINDOWS\System32\drivers\dxgkrnl.sys 0DF6B436F579E1DD23C8EBD61EE749E8
C:\WINDOWS\System32\drivers\evbda.sys C99D40C97841E0A7F0F90B8629593A97
C:\WINDOWS\System32\drivers\EhStorClass.sys 260BBD6B1ED06298E509B452354EDB91
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys F3BEBDC1B9DBA32F183079EAE6244837
C:\WINDOWS\System32\drivers\errdev.sys 1B63CA857FD03FD0A5A1379F2996784F
C:\WINDOWS\system32\DRIVERS\esif_lf.sys A63C10A6A6B09FED00046DDD313C2CC1
C:\Windows\System32\Drivers\exfat.sys F1ACA42D448E3986565EA54275EEEA65
C:\Windows\System32\Drivers\fastfat.sys 0AF4B36754A6EAE794EE4398E219A9E1
C:\WINDOWS\System32\drivers\fdc.sys 7CD8426A33F06EB72BFEC51F7C264AF8
C:\WINDOWS\System32\drivers\filecrypt.sys DE51BBBCF358188F9736F031546F9908
C:\WINDOWS\System32\drivers\fileinfo.sys 822F664952B0F8D11BB6BD2F11779602
C:\WINDOWS\System32\drivers\filetrace.sys 5A4935682A0D47A4EAC4BE3C2ACF74D6
C:\WINDOWS\System32\drivers\flpydisk.sys 60641F22D1D38EAD197C25F0339C9712
C:\WINDOWS\System32\drivers\fltmgr.sys 56F9EAA7099159759B2F6C523007A13F
C:\WINDOWS\System32\drivers\FsDepends.sys 5D8A0E58E3F82583697E3F07052435AA
C:\Windows\System32\Drivers\Fs_Rec.sys BB82CC2F51F7C3D5DCD13FA3B040D8F8
C:\WINDOWS\System32\DRIVERS\fvevol.sys 69C669540A850553AF9589DB05A2A7D0
C:\WINDOWS\System32\drivers\vmgencounter.sys 3B5DDF1061930A0A891FA63DB0CB878B
C:\WINDOWS\System32\drivers\genericusbfn.sys 8B34E3F794F652082D7E8AF112F71681
C:\WINDOWS\System32\Drivers\msgpioclx.sys 127C23F4720C8902A3AB0FEE12205317
C:\WINDOWS\System32\drivers\gpuenergydrv.sys C7DEA3458E50B691E69EFF0B47CBCCDB
C:\WINDOWS\System32\drivers\HDAudBus.sys 99A34FD1F6431A10D8C3BB50E170D0F2
C:\WINDOWS\System32\drivers\HidBatt.sys 2443FC6EEB9CF092B62127D867901B02
C:\WINDOWS\System32\drivers\hidbth.sys 205043CDC16ADE85E252DD54AE925161
C:\WINDOWS\System32\drivers\hidi2c.sys B521DDDC9038C066B1B957BF063A531A
C:\WINDOWS\System32\drivers\hidinterrupt.sys 5AC0EBFA76E93273A806176D3178E986
C:\WINDOWS\System32\drivers\hidir.sys 366AC0E05EBF5D5C375F65CD8BC7F0DF
C:\WINDOWS\System32\drivers\hidusb.sys 7CB54D02746024648FCE184FC3F941FF
C:\WINDOWS\System32\drivers\HpSAMD.sys 835FB95D85D362057A72D21A48C2C7F8
C:\WINDOWS\System32\drivers\HTTP.sys 717D6E92D0143BCC4C36976BFFD94753
C:\WINDOWS\System32\drivers\hvservice.sys 9F2CFC90306532866C62BDCDFD2532AA
C:\WINDOWS\System32\Drivers\mshwnclx.sys 3737FE486929AFC48F1D10677B698E52
C:\WINDOWS\System32\drivers\hwpolicy.sys 3C65EBF7F1BFD98426C355D66876ECEE
C:\WINDOWS\System32\drivers\hyperkbd.sys 7E00234C67A322988AFEA717D5609C9E
C:\WINDOWS\System32\drivers\HyperVideo.sys FBF5BB641DE99AE1DF4835E88D4F8993
C:\WINDOWS\System32\drivers\i8042prt.sys 56FF074E50F9042FD2856AB3418F4B18
C:\WINDOWS\System32\drivers\iagpio.sys B5EC43755E62591197DE5CBBDAA9FEB7
C:\WINDOWS\System32\drivers\iai2c.sys D8CA23F9C5FEF44296FDE1E005C06EC0
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 7B769C9D19C013F94874C4B15D59A005
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys E0F1B3A2A70FABE3BE1C9140BB55E607
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 89A869BCC0588A3009ECB875B09ECD39
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 2E693DF3C02A0859DB8DE25772751100
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys 435883A27A376B125BD4DF888417C85F
C:\WINDOWS\System32\drivers\iaStorV.sys 7118E4390C4ACDE61E280CE52BCAF44E
C:\WINDOWS\System32\drivers\ibbus.sys 9DBE8C359ABACE1BE1BBAB687D114506
C:\WINDOWS\system32\DRIVERS\ibtusb.sys 18F7B1E3C5DE1CC8B3D2BBF90F7350EF
C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys 254233E3FC59503A4B616A7ED47EAB3F
C:\WINDOWS\System32\drivers\IndirectKmd.sys 42CAF6216A6E516DC56BA319ACC7EEC5
C:\WINDOWS\system32\drivers\RTKVHD64.sys F36520B0C0832D8A9E04C3443468BD2B
C:\WINDOWS\system32\DRIVERS\IntcDAud.sys E300D1E37B737ED14F7A08CD5604E5D9
C:\WINDOWS\System32\drivers\intelide.sys 40943C1CD031ACE06A8374AD56B9E5EA
C:\WINDOWS\System32\drivers\intelpep.sys 327D9CCF5492543AEF3979F9EEAD02BE
C:\WINDOWS\System32\drivers\intelppm.sys 10F2757836F41BFAEA2AE19F6FE869B2
C:\WINDOWS\System32\drivers\invdimm.sys 8387E90B551B9B7F32EDC69909591E9E
C:\WINDOWS\System32\drivers\iorate.sys E207078E0E1BB3524277DB9077E4148E
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys FD8F64B7B345E539F2EA7F72846F83B4
C:\WINDOWS\System32\drivers\IPMIDrv.sys 8AAB863E72A4F9C578FED2EE3541545B
C:\WINDOWS\System32\drivers\ipnat.sys 7BEC2AF23F586EFF0DB4DBF4331B0C70
C:\WINDOWS\System32\drivers\ipt.sys 35A54F19E703D4FE5919F812F6CC5D0A
C:\WINDOWS\system32\drivers\irda.sys 359CDDBC825959DA28FA886B3C271B53
C:\WINDOWS\System32\drivers\irenum.sys F88664A2A82DDA456180FFF95A771765
C:\WINDOWS\System32\drivers\isapnp.sys 2296B158C43C306B0AC5B4D57EA9F0E1
C:\WINDOWS\System32\drivers\msiscsi.sys 2DC0765992CFECE3B13F3BFD20E69DCC
C:\WINDOWS\System32\drivers\kbdclass.sys E320F986BBE0CD9324EA0A193EBF29B1
C:\WINDOWS\System32\drivers\kbdhid.sys AFF5DDCC1A79217C9526FF5E01A69E89
C:\WINDOWS\System32\drivers\kdnic.sys 916E62AF3386F7A74603E5C545F6FF2D
C:\WINDOWS\System32\Drivers\ksecdd.sys 69FA8BEBADF807089FEFCD3F59CFAC1E
C:\WINDOWS\System32\Drivers\ksecpkg.sys C1081E2B36F77781167FD9401119B98E
C:\WINDOWS\system32\drivers\ksthunk.sys DD8C4726127CFE313233372D70787C37
C:\WINDOWS\System32\drivers\lltdio.sys CB5A6E117502156794F0DA9E61506006
C:\WINDOWS\System32\drivers\lsi_sas.sys 20048BEE892138A745B1C23EBB0E069F
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 9EAB16572B576979D585DDEDB12417CD
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 3B7B359C0870317106DF3438D4FF491D
C:\WINDOWS\System32\drivers\lsi_sss.sys 2DE03BA338A4B0ACDB416A30F1C7D56F
C:\WINDOWS\system32\drivers\luafv.sys 9A497169E145FCE2D8AA7DBC67377F64
C:\WINDOWS\System32\drivers\mausbhost.sys BF56CB9D02DEE8CA9CBA50220BE16F15
C:\WINDOWS\System32\drivers\mausbip.sys 01BDEE1FFF6D2216797DFEE4ABD937D9
C:\WINDOWS\System32\Drivers\mbamswissarmy.sys B047B9CE5A0D800E6D713B43D0405221
C:\WINDOWS\System32\drivers\megasas.sys C7B8B5053D646CBD30BE1BA6B487D396
C:\WINDOWS\System32\drivers\MegaSas2i.sys EB8ED3204499DDB2D3BA094A4563EE3E
C:\WINDOWS\System32\drivers\megasr.sys F1C1D4E752DE1D58295040E5BE8813AF
C:\WINDOWS\System32\drivers\mlx4_bus.sys 16B078D1089FEA98710C9D07C152DCEE
C:\WINDOWS\system32\drivers\mmcss.sys 20C57CE47B1A877C48A4B68E9A4E21FA
C:\WINDOWS\System32\drivers\modem.sys A4467A5C080318F0CCCF5ED463821F8B
C:\WINDOWS\System32\drivers\monitor.sys 78BE85C1F1C7F3AF6C87BCE127007D5A
C:\WINDOWS\System32\drivers\mouclass.sys 8E262B34A8BD184B4B3025AA8C396B00
C:\WINDOWS\System32\drivers\mouhid.sys C094A555F148495EA130D3BBC5232D5E
C:\WINDOWS\System32\drivers\mountmgr.sys 6434BC884502E95EEA2379C92DD22B60
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl1878536b.sys AA12FAF01013F63348B722D3588550FF
C:\WINDOWS\System32\drivers\mpsdrv.sys F36E4074C66DD31855A8D79EF0AE8066
C:\WINDOWS\system32\drivers\mrxdav.sys 215D672CB71987CD98EB2298EFB84DDC
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 34898F29BF0E9A84E183046318D17814
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys 6537678DEEA2A5B079052D75E21E46DA
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 87FF93E7420C9068C0D5B2F3109809F4
C:\WINDOWS\System32\drivers\bridge.sys 167408B38458ECAE545C57527BC99024
C:\Windows\System32\Drivers\Msfs.sys AE111778CA6AC08862B3C713F0413333
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6DDDFCAB646BBBCFC583135C4430E10F
C:\WINDOWS\System32\drivers\mshidkmdf.sys 01C6A86BEA8279E557A5056148F068BF
C:\WINDOWS\System32\drivers\mshidumdf.sys F65ABC7DE945047147F17330F79732CB
C:\WINDOWS\System32\drivers\msisadrv.sys 05B23012427801E710BDD12720B9020B
C:\WINDOWS\System32\drivers\MSKSSRV.sys B25B2CD3E052D68075A3814AAA0C6421
C:\WINDOWS\System32\drivers\mslldp.sys C3F5EA6B9041A30B4F11BE2E7863E487
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 601D666820F0408B896791D19BE6D258
C:\WINDOWS\System32\drivers\MSPQM.sys 46E61FBA0097E48E5628C74A3F72233A
C:\Windows\System32\Drivers\MsRPC.sys 4EB9B77179BDEE89C496E60D4BF85CC1
C:\WINDOWS\System32\drivers\mssmbios.sys CBD56E0B55FB3672BA80382EC2F8835C
C:\WINDOWS\System32\drivers\MSTEE.sys 5734B2A36D3BB13A638E5305EEEC582D
C:\WINDOWS\System32\drivers\MTConfig.sys 85270E0DC6907C6B99F72A36F17AED34
C:\WINDOWS\System32\Drivers\mup.sys DB5B1539F5EBB3DD3A7ED25ADBC4D6D9
C:\WINDOWS\System32\drivers\mvumis.sys 3C57FF3BCF496D24C39C2198158864BB
C:\WINDOWS\System32\DRIVERS\nwifi.sys 8A9CD53B0FBE679116638120CCBB201E
C:\WINDOWS\System32\drivers\ndfltr.sys 77B047B109CE758A017F58FAE5038D0D
C:\WINDOWS\System32\drivers\ndis.sys 7FF306C78B0DC31192657B47539D5688
C:\WINDOWS\System32\drivers\ndiscap.sys 067AE5BA349CC35AF8975D22DC483DDF
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 6FC4D7EB5D38CFB7966405036116F065
C:\WINDOWS\System32\DRIVERS\ndistapi.sys ED7CC4E16B76B2603C9F827188EA63B4
C:\WINDOWS\System32\drivers\ndisuio.sys 8D977AFC195A3F4B15B05D02B2BD0292
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys DC1D26D62F40B7552BCF49D92774F0C5
C:\WINDOWS\System32\drivers\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\NDProxy.sys 8ABF5B8D5839F8DAE2E0D3165AE732F6
C:\WINDOWS\System32\drivers\Ndu.sys A791792DC412CCD83DA0AF6871682552
C:\WINDOWS\System32\drivers\NetAdapterCx.sys BE79982A50AC88BC0765F3AFECFCB596
C:\WINDOWS\System32\drivers\netbios.sys E899D26A0C2555AC30ACDD526056E51F
C:\WINDOWS\System32\DRIVERS\netbt.sys 7FC54F2AF5EC52C7AC05AD90FFC757E6
C:\WINDOWS\System32\drivers\netvsc.sys 680EB4AEA08EAC80C384E90E430DF16D
C:\WINDOWS\system32\DRIVERS\Netwtw04.sys 117446A20C33D5AF536D9F08907FBBB3
C:\Windows\System32\Drivers\Npfs.sys 84EB8F01B140618518AFF30B9951F132
C:\WINDOWS\System32\drivers\npsvctrig.sys 5CB8082E51DE7D19042F0FF8C517CB0D
C:\WINDOWS\System32\drivers\nsiproxy.sys 958921BB7AE2671983743FDA0DD587C4
C:\Windows\System32\Drivers\NTFS.sys E20EC8E25969ABD9F5FED6EDEA57EC0C
C:\Windows\System32\Drivers\Null.sys 0D1E03A5F87F4DE04D97622C686910A2
C:\WINDOWS\System32\drivers\nvdimmn.sys 532F27A2B62D70C327E763F035AED6C1
C:\WINDOWS\System32\drivers\nvraid.sys 7E04652EB1A476BC0A72ECDC613AF0C5
C:\WINDOWS\System32\drivers\nvstor.sys 880B3E874914DAEF97119876543AE117
C:\WINDOWS\System32\drivers\parport.sys 2E07EC2C1622F5E7B535D62DCD61F3AB
C:\WINDOWS\System32\drivers\partmgr.sys 023DDF9DE429B2E6F0BADA72AA98EF8B
C:\WINDOWS\System32\drivers\pci.sys 9BF965EE361849567DB1664BEDFA9569
C:\WINDOWS\System32\drivers\pciide.sys E5AF806815ED797086629741F29E4156
C:\WINDOWS\System32\drivers\pcmcia.sys 2A631D447B988AFBE847CBAA8E5CC298
C:\WINDOWS\System32\drivers\pcw.sys ACD510CF2B631A2D36B2CFB7D31E22FD
C:\WINDOWS\System32\drivers\pdc.sys 1796112EB89559910BC18865A29C8894
C:\WINDOWS\System32\drivers\peauth.sys F21127EDE5D72090A1B029AFF4AFFD17
C:\WINDOWS\System32\drivers\percsas2i.sys 35FD028E4323018202C0B7D115FD3AEF
C:\WINDOWS\System32\drivers\percsas3i.sys F9F3D8BE9BC9241CC726197261362AC4
C:\WINDOWS\System32\drivers\pmem.sys 36D43EA5517F3F4AAAC8EE061C957EF1
C:\WINDOWS\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86
C:\WINDOWS\System32\drivers\raspptp.sys AACA74DEF7BE3DED322411787494878B
C:\WINDOWS\System32\drivers\processr.sys B1111C47F128C946BDC87A18E44007EB
C:\WINDOWS\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F
C:\WINDOWS\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A
C:\WINDOWS\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A
C:\WINDOWS\System32\DRIVERS\rasacd.sys F57D1DE0C9522BCD590A69D044641B5A
C:\WINDOWS\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F
C:\WINDOWS\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5
C:\WINDOWS\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8
C:\WINDOWS\System32\DRIVERS\rdbss.sys 4525664EFB5EB71D4B155405F78D93DB
C:\WINDOWS\System32\drivers\rdpbus.sys 8A5285B38A203D15110E142DE68406DD
C:\WINDOWS\System32\drivers\rdpdr.sys DF83769C92527DB50653F8FB57D001FF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE
C:\WINDOWS\System32\drivers\rdyboost.sys 12AF835862F2B6B2FB9DEA8BA2288587
C:\Windows\System32\Drivers\ReFS.sys FB0577F6BC9E07549CEACF5224327499
C:\Windows\System32\Drivers\ReFSv1.sys 4136BCA61BCDCC79DCE145F9CB639CD6
C:\WINDOWS\System32\drivers\rfcomm.sys 5BF7698021DB13B55753FD921BEBE318
C:\WINDOWS\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB
C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys CA864D504A5E56AF84A491B4AA1F8A98
C:\WINDOWS\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A
C:\WINDOWS\System32\drivers\vms3cap.sys F0FA6B67B16EEFDEF8E8AFAD47A4F9B8
C:\WINDOWS\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D
C:\WINDOWS\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE
C:\WINDOWS\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7
C:\WINDOWS\System32\drivers\sdbus.sys 0FB6CCFA52FE5AD0B8D86E8AB370EF34
C:\WINDOWS\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0
C:\WINDOWS\System32\drivers\sdstor.sys C289832A3174DC9D393C7603C511DF79
C:\WINDOWS\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5
C:\WINDOWS\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412
C:\WINDOWS\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC
C:\WINDOWS\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD
C:\WINDOWS\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F
C:\WINDOWS\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1
C:\WINDOWS\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF
C:\WINDOWS\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5
C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys 0AB5FBC526DC0CBE9033CE78284C7201
C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys ADFE78C4F1A328EC5BEC6EB4BC41EF06
C:\WINDOWS\System32\drivers\spaceport.sys B2ABF0F8A49752B5CD9DEE2EADF7416A
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys CCECE7E96B4F7B0E9F0FC82F6DADA917
C:\WINDOWS\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A
C:\WINDOWS\System32\DRIVERS\srv2.sys 41181D890542EB0E8D9822F73F9FD5D7
C:\WINDOWS\System32\DRIVERS\srvnet.sys 43480B3EE4D23F5AA8EE7C6D83B09487
C:\WINDOWS\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156
C:\WINDOWS\System32\drivers\storahci.sys DD1F00B80DDD12252B7B228ABCE181A9
C:\WINDOWS\System32\drivers\vmstorfl.sys A12CFAAA0F113A25D8CEFE58B1CBB207
C:\WINDOWS\System32\drivers\stornvme.sys B6F8D1FA73F6E102AEA60D2BBD1DDF78
C:\WINDOWS\System32\drivers\storqosflt.sys 57377953F5688158054BC8CB5A243115
C:\WINDOWS\System32\drivers\storufs.sys B59D29E535AF7E82717C2AD2C57EEC67
C:\WINDOWS\System32\drivers\storvsc.sys 9B431079624306B5659B3B7208A71C75
C:\WINDOWS\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\WINDOWS\System32\drivers\Synth3dVsc.sys AB15F9FDCD11D5283891BC956E8C5C95
C:\WINDOWS\System32\drivers\SynTP.sys 347F4B8DC1CAA234474AE79BF5207E2B
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\WINDOWS\system32\DRIVERS\tdx.sys 571D82ABAC428D902ACA0CF60373C039
C:\WINDOWS\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\WINDOWS\System32\drivers\tpm.sys 1658D060057C85DEC82BFCB018C4C22F
C:\WINDOWS\System32\drivers\tsusbflt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\WINDOWS\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\WINDOWS\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\WINDOWS\System32\drivers\TXEIx64.sys 2CC59847A4E1B1829114C2607BA38794
C:\WINDOWS\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\WINDOWS\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\WINDOWS\System32\drivers\UcmUcsi.sys 149CBBB74DFC3E52F242029A27B0F8EB
C:\WINDOWS\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\WINDOWS\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\WINDOWS\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\WINDOWS\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC
C:\WINDOWS\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\WINDOWS\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\WINDOWS\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\WINDOWS\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\WINDOWS\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\WINDOWS\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\WINDOWS\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\WINDOWS\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\WINDOWS\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\WINDOWS\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\WINDOWS\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\WINDOWS\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\WINDOWS\System32\drivers\UsbHub3.sys 4FA9C956E569D0D380C2859542361780
C:\WINDOWS\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\WINDOWS\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\WINDOWS\System32\drivers\usbser.sys 913CFF365DB1803525DBD2AA8B8188B4
C:\WINDOWS\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\WINDOWS\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\WINDOWS\System32\Drivers\usbvideo.sys 68788AE61B2E6A7D97CAD73B632F5BF5
C:\WINDOWS\System32\drivers\USBXHCI.SYS 41E5A6188180DC72BCECA999ED2532D4
C:\WINDOWS\System32\drivers\vdrvroot.sys C77C537077822D8EA529AD4EBFD971D6
C:\WINDOWS\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\WINDOWS\System32\drivers\vhdmp.sys 9240C24121E3A581F8BC198413AEA06E
C:\WINDOWS\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\WINDOWS\System32\drivers\vmbus.sys 079B4378614A40A308F9C721A50C7B87
C:\WINDOWS\System32\drivers\VMBusHID.sys DC9E0600B356258E31403789119C78A9
C:\WINDOWS\System32\drivers\vmgid.sys B24F74B2710B66F647419697BDB9E163
C:\WINDOWS\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\WINDOWS\System32\drivers\volmgr.sys C9052650BBF2124CD525A26D5C2A6671
C:\WINDOWS\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\WINDOWS\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\WINDOWS\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\WINDOWS\System32\drivers\vpci.sys 702273C7C1BE9D366BAF1305D382F03C
C:\WINDOWS\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\WINDOWS\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\WINDOWS\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\WINDOWS\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\WINDOWS\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03
C:\WINDOWS\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\system32\drivers\wcifs.sys 520E4FD6B5BF5349DD1499F2AEFB7C50
C:\WINDOWS\system32\drivers\wcnfs.sys 9DE3FDFF295F2534DF0A8B6FC4F06355
C:\WINDOWS\System32\drivers\WdBoot.sys 6FD8F1FBED780A7F3DF329C834E52AC5
C:\WINDOWS\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\WINDOWS\System32\drivers\WdFilter.sys 7D182F0F227FC141C5D2085175BE05F6
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 2D50C46EFE924BC24F63A45D2DB1AA3A
C:\WINDOWS\System32\Drivers\WdNisDrv.sys 0D38C257A7B34A818726BA2F323B196E
C:\WINDOWS\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\WINDOWS\System32\drivers\wfplwfs.sys 8E101DF42D36E04EC610581BA478B38F
C:\WINDOWS\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 0484B0D01EA6F7017519EBDDBADE759D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\WINDOWS\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\WINDOWS\System32\drivers\winnat.sys EABEF39BBEEDB3845C36893931DADCD1
C:\WINDOWS\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6
C:\WINDOWS\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys 569FB3D619213F226CBB60F9CB8FE1BD
C:\WINDOWS\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935
C:\WINDOWS\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\WINDOWS\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\WINDOWS\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-22 06:03 - 2018-01-22 06:04 - 000031862 _____ C:\Users\pp\Desktop\FRST.txt
2018-01-22 06:03 - 2018-01-22 06:03 - 000000000 ____D C:\FRST
2018-01-22 06:02 - 2018-01-22 06:02 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-22 06:02 - 2018-01-22 06:02 - 000000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-01-22 06:02 - 2018-01-22 06:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-22 06:02 - 2018-01-22 06:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-22 05:25 - 2018-01-22 05:25 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-22 05:25 - 2018-01-22 05:25 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-22 05:25 - 2018-01-22 05:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-22 05:25 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-22 05:24 - 2018-01-22 05:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-22 05:24 - 2018-01-22 05:24 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-22 05:23 - 2018-01-22 05:25 - 000096112 _____ C:\TDSSKiller.3.1.0.15_22.01.2018_05.23.09_log.txt
2018-01-22 05:21 - 2018-01-22 05:22 - 000002466 _____ C:\Users\pp\Desktop\Rkill.txt
2018-01-22 05:21 - 2018-01-22 05:21 - 000000000 ____D C:\Users\pp\Desktop\rkill
2018-01-22 05:18 - 2018-01-22 05:16 - 083316440 _____ (Malwarebytes ) C:\Users\pp\Desktop\mb3-setup-1878.1878-3.3.1.2183.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 008206624 _____ (Malwarebytes) C:\Users\pp\Desktop\AdwCleaner.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 005660870 _____ (Swearware) C:\Users\pp\Desktop\ComboFix.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 004922400 _____ (AO Kaspersky Lab) C:\Users\pp\Desktop\tdsskiller.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 002393088 _____ (Farbar) C:\Users\pp\Desktop\FRST64.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\pp\Desktop\rkill.exe
2018-01-21 12:12 - 2018-01-21 12:12 - 000002946 _____ C:\Users\pp\Documents\].xml
2018-01-21 11:56 - 2018-01-21 11:56 - 000000000 ____D C:\Users\pp\AppData\Local\MicrosoftEdge
2018-01-21 10:53 - 2018-01-21 10:53 - 000000000 ____D C:\Users\pp\AppData\Local\Comms
2018-01-21 10:47 - 2018-01-21 10:47 - 000000000 ____D C:\Users\pp\AppData\Local\Microsoft_Corporation
2018-01-21 10:44 - 2018-01-21 10:44 - 000000000 ____D C:\Users\pp\AppData\Local\DBG
2018-01-21 10:39 - 2018-01-21 11:54 - 000000000 ___RD C:\Users\pp\OneDrive
2018-01-21 10:37 - 2018-01-21 10:37 - 000000000 ____D C:\ProgramData\USOShared
2018-01-21 10:37 - 2018-01-21 10:37 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-01-21 10:36 - 2018-01-21 10:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-21 10:36 - 2018-01-21 10:36 - 000000000 ____D C:\Users\pp\AppData\Local\Publishers
2018-01-21 10:35 - 2018-01-21 11:53 - 000862320 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-21 10:35 - 2018-01-21 10:53 - 000000000 ____D C:\Users\pp\AppData\Local\Packages
2018-01-21 10:35 - 2018-01-21 10:39 - 000000000 ____D C:\Users\pp
2018-01-21 10:35 - 2018-01-21 10:35 - 000000020 ___SH C:\Users\pp\ntuser.ini
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ___RD C:\Users\pp\3D Objects
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Roaming\Synaptics
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Roaming\Adobe
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Local\VirtualStore
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Local\ConnectedDevicesPlatform
2018-01-21 10:32 - 2017-09-29 05:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 _SHDL C:\Users\Default User
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 _SHDL C:\Users\All Users
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 _SHDL C:\Documents and Settings
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 ____D C:\ProgramData\Synaptics
2018-01-21 10:27 - 2018-01-21 10:27 - 000077175 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-01-21 10:27 - 2018-01-21 10:27 - 000003222 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_Session
2018-01-21 10:27 - 2018-01-21 10:27 - 000003194 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-01-21 10:27 - 2018-01-21 10:27 - 000002058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\ProgramData\SRS Labs
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\Program Files\Realtek
2018-01-21 10:26 - 2018-01-21 11:49 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-21 10:26 - 2018-01-21 11:49 - 000000000 ____D C:\Intel
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____D C:\Program Files\Intel
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____D C:\Program Files (x86)\Intel
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-01-21 10:26 - 2017-05-15 00:55 - 000103912 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-01-21 10:26 - 2017-05-15 00:55 - 000099816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-01-21 10:25 - 2018-01-22 05:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-21 10:25 - 2018-01-21 11:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-21 10:25 - 2018-01-21 10:25 - 000222832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-21 10:25 - 2018-01-21 10:25 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-01-21 10:12 - 2018-01-21 10:13 - 000000000 ____D C:\Windows.old
2018-01-21 10:12 - 2018-01-21 10:12 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-01-21 10:12 - 2018-01-21 10:12 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-01-21 10:11 - 2018-01-21 10:11 - 000000000 ____D C:\Program Files\Synaptics
2018-01-21 10:09 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\Setup
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\0409
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\OCR
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-01-21 10:02 - 2017-12-22 05:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-01-21 10:02 - 2017-12-22 05:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-21 09:59 - 2018-01-21 09:55 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-01-21 09:59 - 2018-01-21 09:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-01-21 09:59 - 2018-01-21 09:55 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-01-21 09:58 - 2018-01-22 06:02 - 000000000 ___RD C:\Program Files (x86)
2018-01-21 09:58 - 2018-01-21 10:53 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-21 09:58 - 2018-01-21 10:53 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-21 09:58 - 2018-01-21 10:37 - 000000000 ____D C:\ProgramData\USOPrivate
2018-01-21 09:58 - 2018-01-21 10:32 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-01-21 09:58 - 2018-01-21 10:32 - 000000000 ____D C:\WINDOWS\system32\spool
2018-01-21 09:58 - 2018-01-21 10:32 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-01-21 09:58 - 2018-01-21 10:29 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-01-21 09:58 - 2018-01-21 10:28 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-01-21 09:58 - 2018-01-21 10:28 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-01-21 09:58 - 2018-01-21 10:12 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\Program Files\Windows Defender
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\setup
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\com
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\IME
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\Help
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files\Common Files\system
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __RSD C:\WINDOWS\media
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __RHD C:\Users\Public\Libraries
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Web
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Vss
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\tracing
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\TAPI
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SystemResources
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SystemApps
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\ras
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\IME
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\ias
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\System
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SKB
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\security
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\schemas
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SchCache
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Resources
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\rescache
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Registration
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\PLA
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Performance
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\InputMethod
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Globalization
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Cursors
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Branding
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\appcompat
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\addins
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Windows Security
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\windows nt
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Common Files\Services
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-01-21 09:58 - 2018-01-21 09:55 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-01-21 09:58 - 2018-01-21 09:55 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-01-21 09:58 - 2018-01-21 09:55 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2018-01-21 09:58 - 2018-01-21 09:55 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-01-21 09:58 - 2018-01-21 09:55 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2018-01-21 09:58 - 2018-01-21 09:55 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-01-21 09:58 - 2018-01-21 09:55 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2018-01-21 09:58 - 2018-01-21 09:55 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-01-21 09:58 - 2018-01-21 09:55 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-01-21 09:58 - 2018-01-21 09:55 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2018-01-21 09:58 - 2018-01-21 09:55 - 000000219 _____ C:\WINDOWS\system.ini
2018-01-21 09:58 - 2018-01-21 09:55 - 000000092 _____ C:\WINDOWS\win.ini
2018-01-21 09:56 - 2018-01-22 05:40 - 000000000 ____D C:\WINDOWS\INF
2018-01-21 09:51 - 2018-01-21 11:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-21 09:49 - 2018-01-21 11:48 - 080216064 _____ C:\WINDOWS\system32\config\SYSTEM
2018-01-21 09:49 - 2018-01-21 11:48 - 070254592 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-01-21 09:49 - 2018-01-21 11:48 - 000262144 _____ C:\WINDOWS\system32\config\DEFAULT
2018-01-21 09:49 - 2018-01-21 11:48 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-01-21 09:49 - 2018-01-21 11:48 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2018-01-21 09:49 - 2018-01-21 10:31 - 000000000 ____D C:\WINDOWS\Panther
2018-01-21 09:49 - 2018-01-21 10:26 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-21 09:49 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\servicing
2018-01-21 09:49 - 2018-01-21 10:03 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2018-01-21 09:49 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-01-21 09:36 - 2018-01-21 10:13 - 000000000 ___HD C:\$SysReset
2018-01-16 14:11 - 2017-08-18 02:23 - 000055384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2018-01-16 14:11 - 2017-08-18 02:23 - 000053848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF.sys
2018-01-16 13:59 - 2018-01-01 04:50 - 005905752 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-16 13:59 - 2018-01-01 04:49 - 008605080 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-16 13:59 - 2018-01-01 04:48 - 007831760 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-16 13:59 - 2018-01-01 04:41 - 007676296 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-16 13:59 - 2018-01-01 04:38 - 003904808 ____N (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-16 13:59 - 2018-01-01 04:34 - 007385088 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-16 13:59 - 2018-01-01 04:23 - 021352144 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-16 13:59 - 2018-01-01 03:45 - 006092152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-16 13:59 - 2018-01-01 03:42 - 006479552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-16 13:59 - 2018-01-01 03:37 - 025247232 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-16 13:59 - 2018-01-01 03:24 - 003668480 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-16 13:59 - 2018-01-01 03:20 - 019337216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-16 13:59 - 2018-01-01 03:20 - 018917888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-16 13:59 - 2018-01-01 03:19 - 008014848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-16 13:59 - 2018-01-01 03:17 - 011923968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-16 13:59 - 2018-01-01 03:15 - 012687872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-16 13:59 - 2018-01-01 03:15 - 006029312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-16 13:59 - 2018-01-01 03:14 - 023655936 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-16 13:59 - 2018-01-01 03:13 - 013657600 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-16 13:59 - 2018-01-01 03:13 - 012830208 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 008108544 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 004748288 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 003165696 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-16 13:59 - 2017-12-07 14:10 - 006466048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-01-16 13:59 - 2017-12-07 14:02 - 007545344 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-01-16 13:59 - 2017-11-26 12:35 - 017084416 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-01-16 13:59 - 2017-11-26 12:32 - 021754368 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-01-16 13:59 - 2017-11-26 05:29 - 003010720 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-01-16 13:59 - 2017-11-26 05:29 - 002573208 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-01-16 13:59 - 2017-11-26 05:27 - 002446744 ____N (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-01-16 13:59 - 2017-11-26 05:23 - 001694224 ____N (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-01-16 13:59 - 2017-11-26 04:18 - 003186688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-01-16 13:59 - 2017-11-26 04:08 - 017159680 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-01-16 13:59 - 2017-11-26 04:04 - 002596352 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-01-16 13:59 - 2017-11-26 04:03 - 002783744 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-01-16 13:59 - 2017-11-26 03:59 - 004814848 ____N (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-01-16 13:59 - 2017-11-26 03:01 - 002339296 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-01-16 13:59 - 2017-11-26 02:36 - 013703168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-01-16 13:59 - 2017-11-26 02:28 - 004249600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-01-16 13:59 - 2017-11-18 23:35 - 003331520 ____N C:\WINDOWS\system32\Windows.Mirage.dll
2018-01-16 13:59 - 2017-11-18 18:20 - 002491112 ____N C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-01-16 13:59 - 2017-10-24 20:27 - 006791472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-01-16 13:59 - 2017-10-24 20:20 - 002717392 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-01-16 13:59 - 2017-10-24 19:22 - 006015200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-01-16 13:59 - 2017-10-24 19:22 - 002465848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-01-16 13:59 - 2017-10-24 19:13 - 002972672 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-01-16 13:59 - 2017-10-09 22:49 - 001554216 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-01-16 13:58 - 2018-01-01 09:15 - 000956416 ____N (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-16 13:58 - 2018-01-01 04:54 - 000924648 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-16 13:58 - 2018-01-01 04:53 - 001090984 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-16 13:58 - 2018-01-01 04:52 - 000066712 ____N (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-16 13:58 - 2018-01-01 04:51 - 001414784 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-16 13:58 - 2018-01-01 04:51 - 001209240 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-16 13:58 - 2018-01-01 04:51 - 001055128 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-16 13:58 - 2018-01-01 04:51 - 000191816 ____N (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-16 13:58 - 2018-01-01 04:51 - 000059800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-16 13:58 - 2018-01-01 04:50 - 000780464 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-16 13:58 - 2018-01-01 04:50 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-16 13:58 - 2018-01-01 04:50 - 000077208 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-16 13:58 - 2018-01-01 04:49 - 000599448 ____N (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-16 13:58 - 2018-01-01 04:49 - 000319352 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-16 13:58 - 2018-01-01 04:49 - 000292376 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-16 13:58 - 2018-01-01 04:48 - 001954048 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-16 13:58 - 2018-01-01 04:48 - 000382360 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-16 13:58 - 2018-01-01 04:47 - 000649304 ____N (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-16 13:58 - 2018-01-01 04:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-16 13:58 - 2018-01-01 04:46 - 002709704 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-16 13:58 - 2018-01-01 04:46 - 000898216 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-16 13:58 - 2018-01-01 04:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-16 13:58 - 2018-01-01 04:46 - 000471960 ____N (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-16 13:58 - 2018-01-01 04:45 - 002395032 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-16 13:58 - 2018-01-01 04:45 - 001277848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-16 13:58 - 2018-01-01 04:45 - 000398744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-16 13:58 - 2018-01-01 04:43 - 001173576 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-16 13:58 - 2018-01-01 04:43 - 000367336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-16 13:58 - 2018-01-01 04:43 - 000062872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-16 13:58 - 2018-01-01 04:42 - 001029016 ____N (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-16 13:58 - 2018-01-01 04:42 - 000494488 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000184984 ____N (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-16 13:58 - 2018-01-01 04:41 - 000559512 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-16 13:58 - 2018-01-01 04:41 - 000549552 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-16 13:58 - 2018-01-01 04:40 - 001206680 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-16 13:58 - 2018-01-01 04:39 - 000902416 ____N (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-16 13:58 - 2018-01-01 04:39 - 000677784 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-16 13:58 - 2018-01-01 04:39 - 000508264 ____N (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-16 13:58 - 2018-01-01 04:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-16 13:58 - 2018-01-01 04:39 - 000129432 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000727448 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000519152 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-16 13:58 - 2018-01-01 04:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000038808 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-16 13:58 - 2018-01-01 04:37 - 001426664 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-16 13:58 - 2018-01-01 04:37 - 000461720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-16 13:58 - 2018-01-01 04:36 - 000413888 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-16 13:58 - 2018-01-01 04:36 - 000374032 ____N (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-16 13:58 - 2018-01-01 04:36 - 000166296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-16 13:58 - 2018-01-01 04:36 - 000113560 ____N (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-16 13:58 - 2018-01-01 04:36 - 000057752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-16 13:58 - 2018-01-01 04:35 - 001170008 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-16 13:58 - 2018-01-01 04:35 - 000075160 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 001336344 ____N (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 000260896 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 000087384 ____N (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-16 13:58 - 2018-01-01 04:33 - 002773400 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-16 13:58 - 2018-01-01 04:33 - 000603920 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-16 13:58 - 2018-01-01 04:32 - 004481240 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-16 13:58 - 2018-01-01 04:32 - 000617304 ____N (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-16 13:58 - 2018-01-01 04:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-16 13:58 - 2018-01-01 04:27 - 000163736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-16 13:58 - 2018-01-01 04:26 - 000428952 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-16 13:58 - 2018-01-01 04:26 - 000081304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-16 13:58 - 2018-01-01 04:25 - 000615768 ____N (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-16 13:58 - 2018-01-01 04:25 - 000147864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-16 13:58 - 2018-01-01 04:21 - 001103768 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-16 13:58 - 2018-01-01 04:21 - 000614296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-16 13:58 - 2018-01-01 04:06 - 000311192 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000777904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000650328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-16 13:58 - 2018-01-01 04:03 - 000566664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000123512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-16 13:58 - 2018-01-01 03:53 - 001615712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-16 13:58 - 2018-01-01 03:49 - 000481464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-16 13:58 - 2018-01-01 03:49 - 000258808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-16 13:58 - 2018-01-01 03:46 - 003485392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-16 13:58 - 2018-01-01 03:46 - 000289816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 005615968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 002192624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 000450928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-16 13:58 - 2018-01-01 03:43 - 020286120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 004644912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 001246432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 001003152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000982528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000386424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000129184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000074992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-16 13:58 - 2018-01-01 03:34 - 000703568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 002905600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-16 13:58 - 2018-01-01 03:25 - 001008640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000475648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000097792 ____N C:\WINDOWS\system32\runexehelper.exe
2018-01-16 13:58 - 2018-01-01 03:24 - 000240640 ____N (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000202240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000096256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000038912 ____N (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 001313792 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000561152 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-16 13:58 - 2018-01-01 03:23 - 000250368 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000232960 ____N (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-16 13:58 - 2018-01-01 03:23 - 000121344 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000080384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-16 13:58 - 2018-01-01 03:23 - 000047104 ____N (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-16 13:58 - 2018-01-01 03:22 - 000031744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-16 13:58 - 2018-01-01 03:22 - 000025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-16 13:58 - 2018-01-01 03:22 - 000017408 ____N (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000268288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000233984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000080896 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000062976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000524288 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000459776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000397824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000225792 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000215552 ____N (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000212992 ____N (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000204288 ____N (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000186368 ____N (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000175616 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000134656 ____N (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000104960 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000082432 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000035328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000795136 ____N (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000675328 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000461312 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000450048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000430080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000416768 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-16 13:58 - 2018-01-01 03:19 - 000369152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000365568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000340480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-16 13:58 - 2018-01-01 03:19 - 000334848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000316928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-16 13:58 - 2018-01-01 03:19 - 000188416 ____N (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000174592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000149504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000142848 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000097792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000093696 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000079872 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000073216 ____N (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-16 13:58 - 2018-01-01 03:19 - 000063488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000043008 ____N (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000748032 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000699904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000465920 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000436224 ____N (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000431616 ____N (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000427008 ____N (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000425984 ____N (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000391168 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000380928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000374784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000369664 ____N (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000343040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000276480 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000261632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000210944 ____N (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000144896 ____N (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000082944 ____N (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 006564864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 001485312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000791552 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000616960 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000594432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000568832 ____N (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000559104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000555520 ____N (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000542208 ____N (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000423936 ____N (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000341504 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000228352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-16 13:58 - 2018-01-01 03:17 - 000112640 ____N (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 005833216 ____N (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 004839424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 003676672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000966656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000956928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000831488 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000815616 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000812544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000720896 ____N (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000668160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000664576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000624128 ____N (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000594944 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000463360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000401920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000235008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000086528 ____N (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000076288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 002349568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 001657856 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 001245184 ____N (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000970240 ____N (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000951808 ____N (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000756736 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000434176 ____N (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000258560 ____N (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 002465280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001495040 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001097728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001003008 ____N (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000985600 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000917504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000870912 ____N (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 003121664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 002869760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 002013184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-16 13:58 - 2018-01-01 03:13 - 001559552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 001474560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 000897024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 002633216 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 002208768 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001573376 ____N (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001547776 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001424896 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 000760320 ____N (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-16 13:58 - 2018-01-01 03:12 - 000464384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 003334144 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 002082304 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-16 13:58 - 2018-01-01 03:11 - 001822208 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001816576 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001597952 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001343488 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001231872 ____N (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000880640 ____N (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000812032 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000715776 ____N (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-16 13:58 - 2018-01-01 03:10 - 003126272 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-16 13:58 - 2018-01-01 03:10 - 002528256 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-16 13:58 - 2018-01-01 03:10 - 000012800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 001487872 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000925184 ____N (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000666624 ____N (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000599552 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000963072 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000726016 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-16 13:58 - 2018-01-01 03:08 - 000685056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000505344 ____N (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-16 13:58 - 2018-01-01 03:06 - 000018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 002510848 ____N (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 001160704 ____N (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 000050176 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-16 13:58 - 2017-12-07 22:52 - 000666112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-01-16 13:58 - 2017-12-07 15:34 - 001925296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-01-16 13:58 - 2017-12-07 15:34 - 001634288 ____N (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-01-16 13:58 - 2017-12-07 15:28 - 000710912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-01-16 13:58 - 2017-12-07 15:28 - 000630752 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2018-01-16 13:58 - 2017-12-07 15:27 - 004504456 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-01-16 13:58 - 2017-12-07 15:26 - 000525208 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-01-16 13:58 - 2017-12-07 15:24 - 000705944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-01-16 13:58 - 2017-12-07 15:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-01-16 13:58 - 2017-12-07 15:24 - 000246168 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 001003104 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 000979352 ____N (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 000137544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-01-16 13:58 - 2017-12-07 15:16 - 001776272 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-01-16 13:58 - 2017-12-07 15:15 - 000721592 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-01-16 13:58 - 2017-12-07 15:12 - 000401304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2018-01-16 13:58 - 2017-12-07 14:56 - 001528904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-01-16 13:58 - 2017-12-07 14:55 - 001490328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-01-16 13:58 - 2017-12-07 14:55 - 000097144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-01-16 13:58 - 2017-12-07 14:37 - 001145104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-01-16 13:58 - 2017-12-07 14:36 - 000769096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2018-01-16 13:58 - 2017-12-07 14:33 - 000747416 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-01-16 13:58 - 2017-12-07 14:33 - 000592280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-01-16 13:58 - 2017-12-07 14:31 - 001522176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-01-16 13:58 - 2017-12-07 14:12 - 000101376 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2018-01-16 13:58 - 2017-12-07 14:10 - 000150528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-01-16 13:58 - 2017-12-07 14:10 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 001663488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 000235520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 000147456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-01-16 13:58 - 2017-12-07 14:09 - 000143360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-01-16 13:58 - 2017-12-07 14:09 - 000136704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000514560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000206336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000254976 ____N (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000246272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000172544 ____N (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-01-16 13:58 - 2017-12-07 14:06 - 000676352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-01-16 13:58 - 2017-12-07 14:06 - 000174080 ____N (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2018-01-16 13:58 - 2017-12-07 14:06 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-01-16 13:58 - 2017-12-07 14:05 - 001670656 ____N (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000559616 ____N (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000539136 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000481792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000363008 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000306688 ____N (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000222208 ____N (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-01-16 13:58 - 2017-12-07 14:05 - 000019456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2018-01-16 13:58 - 2017-12-07 14:04 - 001498112 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-01-16 13:58 - 2017-12-07 14:04 - 001321472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 001230848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000841728 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000308736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000085504 ____N (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 002864640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 002117632 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 000496640 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 004592640 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 001980928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 000601088 ____N (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 000021504 ____N (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2018-01-16 13:58 - 2017-12-07 14:00 - 001509888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-01-16 13:58 - 2017-12-07 13:59 - 002105856 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-01-16 13:58 - 2017-12-07 13:59 - 001666048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-01-16 13:58 - 2017-12-07 13:59 - 001058304 ____N (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 003478016 ____N (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 003211776 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 001353728 ____N (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-01-16 13:58 - 2017-12-07 13:56 - 002666496 ____N (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2018-01-16 13:58 - 2017-12-07 13:56 - 001739264 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-01-16 13:58 - 2017-12-07 13:54 - 001570816 ____N (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-01-16 13:58 - 2017-11-26 12:15 - 000882688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-01-16 13:58 - 2017-11-26 08:43 - 000618496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-01-16 13:58 - 2017-11-26 05:45 - 001642520 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-01-16 13:58 - 2017-11-26 05:45 - 000264040 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-01-16 13:58 - 2017-11-26 05:45 - 000198888 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-01-16 13:58 - 2017-11-26 05:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-01-16 13:58 - 2017-11-26 05:38 - 001636376 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-01-16 13:58 - 2017-11-26 05:32 - 000373656 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-01-16 13:58 - 2017-11-26 05:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-01-16 13:58 - 2017-11-26 05:30 - 001488792 ____N (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000891800 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-01-16 13:58 - 2017-11-26 05:29 - 000840440 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000749976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-01-16 13:58 - 2017-11-26 05:29 - 000703536 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000436120 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 001259344 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 001012120 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 000495000 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-01-16 13:58 - 2017-11-26 05:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-01-16 13:58 - 2017-11-26 05:27 - 002412168 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-16 13:58 - 2017-11-26 05:27 - 000464408 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-01-16 13:58 - 2017-11-26 05:27 - 000230296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-01-16 13:58 - 2017-11-26 05:26 - 000048112 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-01-16 13:58 - 2017-11-26 05:23 - 001054280 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-01-16 13:58 - 2017-11-26 05:23 - 000754688 ____N (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-01-16 13:58 - 2017-11-26 05:22 - 000404888 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-01-16 13:58 - 2017-11-26 05:21 - 001585376 ____N (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-01-16 13:58 - 2017-11-26 05:21 - 000654048 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-01-16 13:58 - 2017-11-26 04:57 - 001664000 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 001289216 ____N (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000329728 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000301056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000211456 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-01-16 13:58 - 2017-11-26 04:55 - 000175104 ____N (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000084992 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-01-16 13:58 - 2017-11-26 04:54 - 000327680 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-01-16 13:58 - 2017-11-26 04:54 - 000092160 ____N (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-16 13:58 - 2017-11-26 04:47 - 002890240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-01-16 13:58 - 2017-11-26 04:43 - 000239104 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000169472 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000168448 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000041472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2018-01-16 13:58 - 2017-11-26 04:35 - 000170496 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2018-01-16 13:58 - 2017-11-26 04:35 - 000057856 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-01-16 13:58 - 2017-11-26 04:34 - 000126464 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2018-01-16 13:58 - 2017-11-26 04:33 - 000361984 ____N (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2018-01-16 13:58 - 2017-11-26 04:31 - 000529408 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-01-16 13:58 - 2017-11-26 04:31 - 000115200 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-01-16 13:58 - 2017-11-26 04:29 - 000474112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2018-01-16 13:58 - 2017-11-26 04:29 - 000238080 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-01-16 13:58 - 2017-11-26 04:28 - 000394752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-01-16 13:58 - 2017-11-26 04:26 - 000830464 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2018-01-16 13:58 - 2017-11-26 04:26 - 000770048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-01-16 13:58 - 2017-11-26 04:26 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 001425408 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000516096 ____N (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000354304 ____N (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000292864 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000266752 ____N (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-01-16 13:58 - 2017-11-26 04:19 - 001167360 ____N (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-01-16 13:58 - 2017-11-26 04:19 - 000887296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-01-16 13:58 - 2017-11-26 04:19 - 000059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2018-01-16 13:58 - 2017-11-26 04:18 - 000556544 ____N (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-01-16 13:58 - 2017-11-26 04:17 - 001054720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-01-16 13:58 - 2017-11-26 04:05 - 000462336 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-01-16 13:58 - 2017-11-26 04:04 - 003578368 ____N (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-01-16 13:58 - 2017-11-26 04:03 - 004772352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-01-16 13:58 - 2017-11-26 04:00 - 000899584 ____N (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-01-16 13:58 - 2017-11-26 03:59 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-01-16 13:58 - 2017-11-26 03:58 - 000151040 ____N (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2018-01-16 13:58 - 2017-11-26 03:48 - 000534528 ____N (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2018-01-16 13:58 - 2017-11-26 03:48 - 000079360 ____N (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2018-01-16 13:58 - 2017-11-26 03:21 - 001474680 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-01-16 13:58 - 2017-11-26 03:21 - 001432816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-01-16 13:58 - 2017-11-26 03:02 - 001124760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000791960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-01-16 13:58 - 2017-11-26 03:01 - 000746904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000590944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000506256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000354200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-01-16 13:58 - 2017-11-26 03:00 - 001990160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-16 13:58 - 2017-11-26 03:00 - 000353848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-01-16 13:58 - 2017-11-26 02:58 - 001148216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-01-16 13:58 - 2017-11-26 02:58 - 001057824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-01-16 13:58 - 2017-11-26 02:51 - 001558856 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-01-16 13:58 - 2017-11-26 02:51 - 000661664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 002393600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 001470976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000372224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000065536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-16 13:58 - 2017-11-26 02:40 - 000160256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-01-16 13:58 - 2017-11-26 02:38 - 000271872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2018-01-16 13:58 - 2017-11-26 02:37 - 000098304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000444928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000351232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000315392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000557056 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000293888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000242176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-01-16 13:58 - 2017-11-26 02:31 - 000660480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-01-16 13:58 - 2017-11-26 02:31 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-01-16 13:58 - 2017-11-26 02:30 - 004385280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-01-16 13:58 - 2017-11-26 02:30 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-01-16 13:58 - 2017-11-26 02:29 - 000823808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-01-16 13:58 - 2017-11-26 02:24 - 000614912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2018-01-16 13:58 - 2017-11-26 02:24 - 000068096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2018-01-16 13:58 - 2017-10-25 01:11 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2018-01-16 13:58 - 2017-10-24 20:41 - 000362176 ____N (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2018-01-16 13:58 - 2017-10-24 20:40 - 000612760 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-01-16 13:58 - 2017-10-24 20:40 - 000269696 ____N C:\WINDOWS\system32\FaceProcessorCore.dll
2018-01-16 13:58 - 2017-10-24 20:39 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2018-01-16 13:58 - 2017-10-24 20:37 - 000610712 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-01-16 13:58 - 2017-10-24 20:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-01-16 13:58 - 2017-10-24 20:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-01-16 13:58 - 2017-10-24 20:29 - 002269080 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 20:29 - 001507736 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-01-16 13:58 - 2017-10-24 20:27 - 001970520 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001454568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001377080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001015008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000975872 ____N C:\WINDOWS\system32\FaceProcessor.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000135168 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000095744 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-01-16 13:58 - 2017-10-24 19:16 - 000227328 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-01-16 13:58 - 2017-10-24 19:16 - 000114688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2018-01-16 13:58 - 2017-10-24 19:14 - 000046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2018-01-16 13:58 - 2017-10-24 19:12 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-01-16 13:58 - 2017-10-24 19:11 - 000768512 ____N (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-01-16 13:58 - 2017-10-24 19:09 - 001806336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-01-16 13:58 - 2017-10-24 19:08 - 000654848 ____N (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2018-01-16 13:58 - 2017-10-24 19:08 - 000487424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-01-16 13:58 - 2017-10-24 19:07 - 000064512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2018-01-16 13:58 - 2017-10-24 19:05 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2018-01-16 13:58 - 2017-10-24 19:04 - 000124928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2018-01-16 13:58 - 2017-10-24 19:04 - 000041984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2018-01-16 13:58 - 2017-10-24 19:02 - 000591872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-01-16 13:58 - 2017-10-24 18:58 - 001280000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2018-01-16 13:58 - 2017-10-24 18:54 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2018-01-16 13:58 - 2017-10-19 21:08 - 000339968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-01-16 13:58 - 2017-10-09 23:11 - 000739696 ____N (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-01-16 13:58 - 2017-10-09 22:54 - 001463856 ____N (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-01-16 13:58 - 2017-10-09 22:49 - 000060824 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2018-01-16 13:58 - 2017-10-09 22:43 - 000418712 ____N (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2018-01-16 13:58 - 2017-10-09 22:31 - 001323840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-01-16 13:58 - 2017-10-09 22:11 - 000597160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-01-16 13:58 - 2017-10-09 22:07 - 001261864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-01-16 13:58 - 2017-10-09 22:06 - 000353688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2018-01-16 13:58 - 2017-10-09 21:43 - 000566272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2018-01-16 13:58 - 2017-10-09 21:43 - 000070656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2018-01-16 13:58 - 2017-10-09 21:42 - 000326144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2018-01-16 13:58 - 2017-10-09 21:34 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-01-16 13:58 - 2017-10-09 21:34 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-01-16 13:58 - 2017-10-09 21:33 - 000086016 ____N (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2018-01-16 13:58 - 2017-10-09 21:33 - 000058880 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2018-01-16 13:58 - 2017-10-09 21:31 - 000665088 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2018-01-16 13:58 - 2017-10-09 21:31 - 000478208 ____N (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2018-01-16 13:58 - 2017-10-09 21:30 - 000442880 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2018-01-16 13:58 - 2017-10-09 21:24 - 000285696 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-01-16 13:58 - 2017-10-03 14:42 - 000640512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2018-01-16 13:58 - 2017-10-03 14:42 - 000008704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2018-01-16 12:47 - 2016-01-05 17:50 - 000328920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2018-01-16 12:47 - 2015-12-18 10:06 - 004330200 _____ (TODO: <Company name>) C:\WINDOWS\RtCRU64.exe
2018-01-16 12:47 - 2014-10-20 17:50 - 000083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2018-01-16 12:47 - 2014-01-27 13:39 - 009890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 001804688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01011.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 001392792 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\esif_uf.exe
2018-01-16 12:42 - 2015-10-30 02:32 - 000971944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 000668840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 000260072 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\esif_lf.sys
2018-01-16 12:42 - 2015-10-30 02:31 - 000055784 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_acpi.sys
2018-01-16 12:42 - 2015-10-30 02:31 - 000052200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_cpu.sys
2017-11-09 01:55 - 2017-11-09 01:55 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000532368 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000166192 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 003410320 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 003121112 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000986992 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-11-09 01:45 - 2017-11-09 01:45 - 000866632 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 003562432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 003509192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 001351232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 001016920 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000691672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000526280 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000387304 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000321704 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000088336 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-11-09 01:34 - 2017-11-09 01:34 - 001617728 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-11-09 01:34 - 2017-11-09 01:34 - 001529128 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-11-09 01:33 - 2017-11-09 01:33 - 000609384 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-11-09 01:33 - 2017-11-09 01:33 - 000115120 _____ (Conexant System, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-11-09 01:27 - 2017-11-09 01:27 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-11-09 01:27 - 2017-11-09 01:27 - 003205592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-11-09 01:27 - 2017-11-09 01:27 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-11-09 01:26 - 2017-11-09 01:26 - 072520704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-11-09 01:26 - 2017-11-09 01:26 - 006033832 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-11-09 01:26 - 2017-11-09 01:26 - 002922976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-11-09 01:26 - 2017-11-09 01:26 - 000023680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-11-09 01:25 - 2017-11-09 01:25 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-11-09 01:01 - 2017-11-09 01:01 - 014848602 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-11-09 01:01 - 2017-11-09 01:01 - 000005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-11-09 01:01 - 2017-11-09 01:01 - 000003780 _____ C:\WINDOWS\system32\cxapo.prop

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{4a678cf4-fb02-11e7-95eb-806e6f6e6963}
{4a678cf3-fb02-11e7-95eb-806e6f6e6963}
timeout 20

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {abb9ba91-fed6-11e7-bb9e-ed071e87330a}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0

Firmware Application (101fffff)
-------------------------------
identifier {4a678cf3-fb02-11e7-95eb-806e6f6e6963}
description EFI USB Device

Firmware Application (101fffff)
-------------------------------
identifier {4a678cf4-fb02-11e7-95eb-806e6f6e6963}
description Internal Hard Disk or Solid State Disk

Windows Boot Loader
-------------------
identifier {254aa7c9-f984-11e7-b26a-ce11479db281}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{254aa7ca-f984-11e7-b26a-ce11479db281}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride PushButtonReset
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{254aa7ca-f984-11e7-b26a-ce11479db281}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {254aa7c9-f984-11e7-b26a-ce11479db281}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {abb9ba91-fed6-11e7-bb9e-ed071e87330a}
nx OptIn
bootmenupolicy Standard

Resume from Hibernate
---------------------
identifier {abb9ba91-fed6-11e7-bb9e-ed071e87330a}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {254aa7c9-f984-11e7-b26a-ce11479db281}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {254aa7ca-f984-11e7-b26a-ce11479db281}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi


LastRegBack: 2018-01-21 10:25

==================== End of FRST.txt ============================

#7 SomeTiredPerson

SomeTiredPerson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 22 January 2018 - 05:23 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by pp (administrator) on DESKTOP-JVRUI6V (22-01-2018 13:42:08)
Running from C:\Users\pp\Desktop
Loaded Profiles: pp (Available Profiles: pp)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (All) =================
(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\sihost.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\ctfmon.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\ApplicationFrameHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Farbar) C:\Users\pp\Desktop\FRST64.exe

==================== Registry (All) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [32256 2017-09-29] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [3904808 2018-01-01] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [3485392 2018-01-01] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [20488312 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [20488312 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-3542715463-485064358-3187586401-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKLM\...\Providers\Internet Print Provider: C:\WINDOWS\system32\inetpp.dll [173568 2017-09-29] (Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\WINDOWS\system32\win32spl.dll [837120 2017-09-29] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
BootExecute: autocheck autochk *
AlternateShell: cmd.exe
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (All) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488 2018-01-01] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [334744 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [67072 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [84992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [84992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\system32\NLAapi.dll [79872 2018-01-01] (Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [31232 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Windows\System32\wshbth.dll [63488 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 12 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
Winsock: Catalog9-x64 13 C:\Windows\system32\mswsock.dll [402992 2017-09-29] (Microsoft Corporation)
ManualProxies: 1198.168.0.1:80

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3542715463-485064358-3187586401-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-3542715463-485064358-3187586401-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3542715463-485064358-3187586401-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
URLSearchHook: HKU\S-1-5-21-3542715463-485064358-3187586401-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-3542715463-485064358-3187586401-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2018-01-01] (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2017-09-29] (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2017-09-29] (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2017-12-07] (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2017-12-07] (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2018-01-01] (Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2018-01-01] (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2018-01-01] (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-01-01] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2017-12-07] (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2017-12-07] (Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2018-01-01] (Microsoft Corporation)
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2017-09-29] (Microsoft Corporation)
Handler-x32: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2017-09-29] (Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2017-09-29] (Microsoft Corporation)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2017-09-29] (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2018-01-01] (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2018-01-01] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2017-09-29] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2017-09-29] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

FireFox:
========
FF Extension: (Default) - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-11-12] [Legacy] [not signed]
FF Extension: (Activity Stream) - C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-11-12] [Legacy] [not signed]
FF Extension: (Application Update Service Helper) - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi [2017-11-12] [Legacy] [not signed]
FF Extension: (Multi-process staged rollout) - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi [2017-11-12] [Legacy] [not signed]
FF Extension: (Pocket) - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi [2017-11-12] [Legacy] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-11-12] [Legacy] [not signed]
FF Extension: (Form Autofill) - C:\Program Files\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi [2017-11-12] [Legacy] [not signed]
FF Extension: (Photon onboarding) - C:\Program Files\Mozilla Firefox\browser\features\onboarding@mozilla.org.xpi [2017-11-12] [Legacy] [not signed]
FF Extension: (Firefox Screenshots) - C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi [2017-11-12] [Legacy] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-11-12] [Legacy] [not signed]
FF Extension: (Web Compat) - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi [2017-11-12] [Legacy] [not signed]
FF HKLM\...\Mozilla Firefox 57.0\Extensions: [Components] - C:\Program Files\Mozilla Firefox\components => not found
FF HKLM\...\Mozilla Firefox 57.0\Extensions: [Plugins] - C:\Program Files\Mozilla Firefox\plugins => not found
StartMenuInternet: Firefox-308046B0AF4A39CB - "C:\Program Files\Mozilla Firefox\firefox.exe"
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\channel-prefs.js [2017-11-12]

==================== Services (All) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AJRouter; C:\WINDOWS\System32\AJRouter.dll [25088 2017-09-29] (Microsoft Corporation)
S3 ALG; C:\WINDOWS\System32\alg.exe [92672 2017-09-29] (Microsoft Corporation)
S3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [120320 2017-09-29] (Microsoft Corporation)
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [144896 2018-01-01] (Microsoft Corporation)
S3 AppReadiness; C:\WINDOWS\system32\AppReadiness.dll [636416 2017-09-29] (Microsoft Corporation)
R3 AppXSvc; C:\WINDOWS\system32\appxdeploymentserver.dll [3165696 2018-01-01] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\WINDOWS\System32\AudioEndpointBuilder.dll [685056 2018-01-01] (Microsoft Corporation)
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [1487872 2018-01-01] (Microsoft Corporation)
S3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [110592 2017-09-29] (Microsoft Corporation)
S3 BDESVC; C:\WINDOWS\System32\bdesvc.dll [387072 2017-09-29] (Microsoft Corporation)
R2 BFE; C:\WINDOWS\System32\bfe.dll [841216 2017-09-29] (Microsoft Corporation)
R2 BITS; C:\WINDOWS\System32\qmgr.dll [1345536 2017-09-29] (Microsoft Corporation)
R2 BrokerInfrastructure; C:\WINDOWS\System32\bisrv.dll [812544 2018-01-01] (Microsoft Corporation)
S3 Browser; C:\WINDOWS\System32\browser.dll [132608 2017-09-29] (Microsoft Corporation)
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [456704 2017-09-29] (Microsoft Corporation)
R3 bthserv; C:\WINDOWS\system32\bthserv.dll [181760 2017-09-29] (Microsoft Corporation)
S3 camsvc; C:\WINDOWS\system32\CapabilityAccessManager.dll [227328 2017-10-24] (Microsoft Corporation)
R2 CDPSvc; C:\WINDOWS\System32\CDPSvc.dll [696832 2017-09-29] (Microsoft Corporation)
S2 CDPUserSvc; C:\WINDOWS\System32\CDPUserSvc.dll [484352 2017-09-29] (Microsoft Corporation)
R2 CDPUserSvc_3621b8; C:\WINDOWS\system32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R2 CDPUserSvc_3621b8; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
S3 CertPropSvc; C:\WINDOWS\System32\certprop.dll [188928 2017-09-29] (Microsoft Corporation)
S3 ClipSVC; C:\WINDOWS\System32\ClipSVC.dll [824888 2017-09-29] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\WINDOWS\system32\coremessaging.dll [898216 2018-01-01] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\WINDOWS\SysWOW64\coremessaging.dll [566664 2018-01-01] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [301504 2017-05-15] (Intel Corporation)
R2 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [94720 2017-09-29] (Microsoft Corporation)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [1117184 2017-09-29] (Microsoft Corporation)
S3 defragsvc; C:\WINDOWS\System32\defragsvc.dll [486400 2017-09-29] (Microsoft Corporation)
R3 DeviceAssociationService; C:\WINDOWS\system32\das.dll [456192 2017-09-29] (Microsoft Corporation)
S3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [114688 2017-09-29] (Microsoft Corporation)
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [696320 2017-09-29] (Microsoft Corporation)
S3 DevicesFlowUserSvc_3621b8; C:\WINDOWS\system32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
S3 DevicesFlowUserSvc_3621b8; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
S3 DevQueryBroker; C:\WINDOWS\system32\DevQueryBroker.dll [33792 2017-09-29] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS\system32\dhcpcore.dll [379392 2017-09-29] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [314880 2017-09-29] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [85504 2017-09-29] (Microsoft Corporation)
S3 diagsvc; C:\WINDOWS\system32\DiagSvc.dll [213504 2017-09-29] (Microsoft Corporation)
R2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [2633216 2018-01-01] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\WINDOWS\system32\Windows.Internal.Management.dll [702464 2017-09-29] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [516608 2017-09-29] (Microsoft Corporation)
S3 dmwappushservice; C:\WINDOWS\system32\dmwappushsvc.dll [57856 2017-09-29] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [286720 2017-09-29] (Microsoft Corporation)
S3 DoSvc; C:\WINDOWS\system32\dosvc.dll [1345024 2017-09-29] (Microsoft Corporation)
S3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [253440 2017-09-29] (Microsoft Corporation)
R2 DPS; C:\WINDOWS\system32\dps.dll [167936 2017-09-29] (Microsoft Corporation)
R3 DsmSvc; C:\WINDOWS\System32\DeviceSetupManager.dll [238080 2017-11-26] (Microsoft Corporation)
R3 DsSvc; C:\WINDOWS\System32\DsSvc.dll [151552 2017-09-29] (Microsoft Corporation)
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [334848 2018-01-01] (Microsoft Corporation)
S3 Eaphost; C:\WINDOWS\System32\eapsvc.dll [109056 2017-09-29] (Microsoft Corporation)
S3 EFS; C:\WINDOWS\system32\efssvc.dll [57856 2017-09-29] (Microsoft Corporation)
S3 embeddedmode; C:\WINDOWS\System32\embeddedmodesvc.dll [165376 2017-09-29] (Microsoft Corporation)
S3 EntAppSvc; C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll [302592 2017-09-29] (Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 EventLog; C:\WINDOWS\System32\wevtsvc.dll [1816576 2018-01-01] (Microsoft Corporation)
R2 EventSystem; C:\WINDOWS\system32\es.dll [450560 2017-09-29] (Microsoft Corporation)
R2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [332288 2017-09-29] (Microsoft Corporation)
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [640512 2017-09-29] (Microsoft Corporation)
S3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [20992 2017-09-29] (Microsoft Corporation)
S3 FDResPub; C:\WINDOWS\system32\fdrespub.dll [34816 2017-09-29] (Microsoft Corporation)
S3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [122368 2017-09-29] (Microsoft Corporation)
R2 FontCache; C:\WINDOWS\system32\FntCache.dll [1968128 2017-09-29] (Microsoft Corporation)
S3 FrameServer; C:\WINDOWS\system32\FrameServer.dll [666112 2017-09-29] (Microsoft Corporation)
S2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1275904 2017-09-29] (Microsoft Corporation)
S3 GraphicsPerfSvc; C:\WINDOWS\System32\GraphicsPerfSvc.dll [70144 2017-09-29] (Microsoft Corporation)
S3 hidserv; C:\WINDOWS\system32\hidserv.dll [33792 2017-09-29] (Microsoft Corporation)
S3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [29696 2017-09-29] (Microsoft Corporation)
S3 HomeGroupListener; C:\WINDOWS\system32\ListSvc.dll [270336 2017-09-29] (Microsoft Corporation)
S3 HomeGroupProvider; C:\WINDOWS\system32\provsvc.dll [465408 2017-09-29] (Microsoft Corporation)
S3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [396288 2017-09-29] (Microsoft Corporation)
S3 HvHost; C:\WINDOWS\System32\hvhostsvc.dll [59800 2017-09-29] (Microsoft Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
S3 icssvc; C:\WINDOWS\System32\tetheringservice.dll [208384 2017-09-29] (Microsoft Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373696 2017-05-15] (Intel Corporation)
R2 IKEEXT; C:\WINDOWS\System32\ikeext.dll [984064 2017-09-29] (Microsoft Corporation)
S3 InstallService; C:\WINDOWS\system32\InstallService.dll [1313792 2018-01-01] (Microsoft Corporation)
S3 InstallService; C:\WINDOWS\SysWOW64\InstallService.dll [1008640 2018-01-01] (Microsoft Corporation)
R2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [820224 2017-09-29] (Microsoft Corporation)
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [63488 2017-09-29] (Microsoft Corporation)
S3 irmon; C:\WINDOWS\System32\irmon.dll [24576 2017-09-29] (Microsoft Corporation)
R3 KeyIso; C:\WINDOWS\system32\keyiso.dll [90112 2017-09-29] (Microsoft Corporation)
R3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [71680 2017-09-29] (Microsoft Corporation)
S3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [368128 2017-09-29] (Microsoft Corporation)
R2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [270848 2017-09-29] (Microsoft Corporation)
R2 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [276480 2017-09-29] (Microsoft Corporation)
R3 lfsvc; C:\WINDOWS\System32\lfsvc.dll [46080 2017-09-29] (Microsoft Corporation)
R3 LicenseManager; C:\WINDOWS\system32\LicenseManagerSvc.dll [48640 2017-09-29] (Microsoft Corporation)
S3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [267264 2017-09-29] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [26112 2017-09-29] (Microsoft Corporation)
R2 LSM; C:\WINDOWS\System32\lsm.dll [699392 2017-09-29] (Microsoft Corporation)
S2 MapsBroker; C:\WINDOWS\System32\moshost.dll [86016 2017-09-29] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MessagingService; C:\WINDOWS\System32\MessagingService.dll [52224 2017-09-29] (Microsoft Corporation)
S3 MessagingService_3621b8; C:\WINDOWS\system32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
S3 MessagingService_3621b8; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [194000 2017-11-12] (Mozilla Foundation)
R2 MpsSvc; C:\WINDOWS\system32\mpssvc.dll [925184 2018-01-01] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [146944 2017-09-29] (Microsoft Corporation)
S3 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [150528 2017-09-29] (Microsoft Corporation)
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [65536 2017-09-29] (Microsoft Corporation)
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [59904 2017-09-29] (Microsoft Corporation)
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [795136 2018-01-01] (Microsoft Corporation)
S3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [170496 2017-09-29] (Microsoft Corporation)
R3 NcbService; C:\WINDOWS\System32\ncbservice.dll [374272 2017-09-29] (Microsoft Corporation)
S3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [88064 2017-09-29] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS\system32\netlogon.dll [820224 2017-09-29] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [658432 2017-09-29] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\System32\netman.dll [254976 2017-09-29] (Microsoft Corporation)
R3 netprofm; C:\WINDOWS\System32\netprofmsvc.dll [542208 2017-09-29] (Microsoft Corporation)
S3 NetSetupSvc; C:\WINDOWS\System32\NetSetupSvc.dll [307712 2017-09-29] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [136312 2017-09-29] (Microsoft Corporation)
S3 NgcCtnrSvc; C:\WINDOWS\System32\NgcCtnrSvc.dll [533504 2017-09-29] (Microsoft Corporation)
S3 NgcSvc; C:\WINDOWS\system32\ngcsvc.dll [1082880 2017-09-29] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [366080 2018-01-01] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\nsisvc.dll [30720 2017-09-29] (Microsoft Corporation)
S2 OneSyncSvc; C:\WINDOWS\System32\APHostService.dll [369664 2018-01-01] (Microsoft Corporation)
R2 OneSyncSvc_3621b8; C:\WINDOWS\system32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R2 OneSyncSvc_3621b8; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
S3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [341504 2018-01-01] (Microsoft Corporation)
S3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [423936 2018-01-01] (Microsoft Corporation)
R3 PcaSvc; C:\WINDOWS\System32\pcasvc.dll [494488 2018-01-01] (Microsoft Corporation)
S3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [21504 2017-09-29] (Microsoft Corporation)
S3 PhoneSvc; C:\WINDOWS\System32\PhoneService.dll [791552 2018-01-01] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\WINDOWS\System32\PimIndexMaintenance.dll [188416 2018-01-01] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_3621b8; C:\WINDOWS\system32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_3621b8; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
S3 pla; C:\WINDOWS\system32\pla.dll [1462272 2017-09-29] (Microsoft Corporation)
S3 pla; C:\WINDOWS\SysWOW64\pla.dll [1537024 2017-09-29] (Microsoft Corporation)
R3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [114688 2017-09-29] (Microsoft Corporation)
S3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [26624 2017-09-29] (Microsoft Corporation)
S3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [341504 2018-01-01] (Microsoft Corporation)
S3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [431104 2017-09-29] (Microsoft Corporation)
R2 Power; C:\WINDOWS\system32\umpo.dll [151040 2017-11-26] (Microsoft Corporation)
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2896896 2017-09-29] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\System32\PrintWorkflowService.dll [167936 2017-09-29] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\SysWOW64\PrintWorkflowService.dll [136192 2017-09-29] (Microsoft Corporation)
S3 PrintWorkflowUserSvc_3621b8; C:\WINDOWS\system32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
S3 PrintWorkflowUserSvc_3621b8; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
R2 ProfSvc; C:\WINDOWS\system32\profsvc.dll [407040 2017-09-29] (Microsoft Corporation)
S3 PushToInstall; C:\WINDOWS\system32\PushToInstall.dll [254976 2017-12-07] (Microsoft Corporation)
S3 QWAVE; C:\WINDOWS\system32\qwave.dll [275968 2017-09-29] (Microsoft Corporation)
S3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [236544 2017-09-29] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [104960 2018-01-01] (Microsoft Corporation)
R2 RasMan; C:\WINDOWS\System32\rasmans.dll [930304 2017-09-29] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [491520 2017-09-29] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [403456 2017-09-29] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [154624 2017-09-29] (Microsoft Corporation)
S3 RetailDemo; C:\WINDOWS\system32\RDXService.dll [654848 2017-10-24] (Microsoft Corporation)
R3 RmSvc; C:\WINDOWS\System32\RMapi.dll [151552 2017-09-29] (Microsoft Corporation)
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [78336 2017-09-29] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [10752 2017-09-29] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [1117184 2017-09-29] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-11-09] (Realtek Semiconductor)
R2 SamSs; C:\WINDOWS\system32\lsass.exe [57976 2017-09-29] (Microsoft Corporation)
S4 SCardSvr; C:\WINDOWS\System32\SCardSvr.dll [259072 2018-01-01] (Microsoft Corporation)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [198144 2017-09-29] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [880640 2018-01-01] (Microsoft Corporation)
S3 SCPolicySvc; C:\WINDOWS\System32\certprop.dll [188928 2017-09-29] (Microsoft Corporation)
R3 SDRSVC; C:\WINDOWS\System32\SDRSVC.dll [145408 2017-09-29] (Microsoft Corporation)
S3 seclogon; C:\WINDOWS\system32\seclogon.dll [30720 2017-09-29] (Microsoft Corporation)
R2 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [519152 2018-01-01] (Microsoft Corporation)
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1232384 2017-09-29] (Microsoft Corporation)
R2 SENS; C:\WINDOWS\System32\sens.dll [73216 2017-09-29] (Microsoft Corporation)
S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1288704 2017-09-29] (Microsoft Corporation)
R3 SensorService; C:\WINDOWS\system32\SensorService.dll [555520 2018-01-01] (Microsoft Corporation)
S3 SensrSvc; C:\WINDOWS\system32\sensrsvc.dll [202240 2017-09-29] (Microsoft Corporation)
S3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [387584 2017-09-29] (Microsoft Corporation)
S3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [339456 2017-09-29] (Microsoft Corporation)
S3 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [601088 2017-12-07] (Microsoft Corporation)
S3 SharedRealitySvc; C:\WINDOWS\System32\SharedRealitySvc.dll [421376 2017-09-29] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [613376 2017-09-29] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [565248 2017-09-29] (Microsoft Corporation)
S4 shpamsvc; C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [194560 2017-09-29] (Microsoft Corporation)
S3 smphost; C:\WINDOWS\System32\smphost.dll [23552 2017-09-29] (Microsoft Corporation)
S3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2017-09-29] (Microsoft Corporation)
S3 SmsRouter; C:\WINDOWS\system32\SmsRouterSvc.dll [588800 2018-01-01] (Microsoft Corporation)
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15360 2017-09-29] (Microsoft Corporation)
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [956416 2018-01-01] (Microsoft Corporation)
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [760320 2018-01-01] (Microsoft Corporation)
S2 sppsvc; C:\WINDOWS\system32\sppsvc.exe [4504456 2017-12-07] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [228352 2017-09-29] (Microsoft Corporation)
R3 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [207872 2017-09-29] (Microsoft Corporation)
R3 StateRepository; C:\WINDOWS\system32\windows.staterepository.dll [4487416 2017-09-29] (Microsoft Corporation)
R3 StateRepository; C:\WINDOWS\SysWOW64\windows.staterepository.dll [3981776 2017-09-29] (Microsoft Corporation)
S3 stisvc; C:\WINDOWS\System32\wiaservc.dll [610816 2017-09-29] (Microsoft Corporation)
R3 StorSvc; C:\WINDOWS\system32\storsvc.dll [963072 2018-01-01] (Microsoft Corporation)
S3 svsvc; C:\WINDOWS\system32\svsvc.dll [13824 2017-09-29] (Microsoft Corporation)
S3 swprv; C:\WINDOWS\System32\swprv.dll [460800 2017-09-29] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R2 SysMain; C:\WINDOWS\system32\sysmain.dll [970240 2018-01-01] (Microsoft Corporation)
R2 SystemEventsBroker; C:\WINDOWS\System32\SystemEventsBrokerServer.dll [284672 2017-09-29] (Microsoft Corporation)
R3 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [200192 2017-09-29] (Microsoft Corporation)
S3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [307200 2017-09-29] (Microsoft Corporation)
S3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [252928 2017-09-29] (Microsoft Corporation)
S3 TermService; C:\WINDOWS\System32\termsrv.dll [1011200 2017-09-29] (Microsoft Corporation)
R2 Themes; C:\WINDOWS\system32\themeservice.dll [69632 2017-09-29] (Microsoft Corporation)
S3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [302592 2017-09-29] (Microsoft Corporation)
S3 tiledatamodelsvc; C:\WINDOWS\system32\tileobjserver.dll [561152 2017-09-29] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\WINDOWS\System32\TimeBrokerServer.dll [175616 2017-09-29] (Microsoft Corporation)
R3 TokenBroker; C:\WINDOWS\System32\TokenBroker.dll [1231872 2018-01-01] (Microsoft Corporation)
R3 TokenBroker; C:\WINDOWS\SysWOW64\TokenBroker.dll [917504 2018-01-01] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\System32\trkwks.dll [114176 2017-09-29] (Microsoft Corporation)
S2 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [127488 2017-09-29] (Microsoft Corporation)
S4 tzautoupdate; C:\WINDOWS\system32\tzautoupdate.dll [96256 2017-09-29] (Microsoft Corporation)
S3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [42496 2017-09-29] (Microsoft Corporation)
S3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [283648 2017-09-29] (Microsoft Corporation)
S3 UnistoreSvc; C:\WINDOWS\System32\unistore.dll [1245184 2018-01-01] (Microsoft Corporation)
S3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [966656 2018-01-01] (Microsoft Corporation)
R3 UnistoreSvc_3621b8; C:\WINDOWS\System32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R3 UnistoreSvc_3621b8; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [456704 2017-09-29] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [335872 2017-09-29] (Microsoft Corporation)
S3 UserDataSvc; C:\WINDOWS\System32\userdataservice.dll [1573376 2018-01-01] (Microsoft Corporation)
R3 UserDataSvc_3621b8; C:\WINDOWS\system32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R3 UserDataSvc_3621b8; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
R2 UserManager; C:\WINDOWS\System32\usermgr.dll [951808 2018-01-01] (Microsoft Corporation)
R3 UsoSvc; C:\WINDOWS\system32\usocore.dll [1289216 2017-11-26] (Microsoft Corporation)
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [363520 2017-09-29] (Microsoft Corporation)
S3 vds; C:\WINDOWS\System32\vds.exe [640512 2017-09-29] (Microsoft Corporation)
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [286208 2017-09-29] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [286208 2017-09-29] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [286208 2017-09-29] (Microsoft Corporation)
S3 vmicrdv; C:\WINDOWS\System32\icsvcext.dll [309760 2017-09-29] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [286208 2017-09-29] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [286208 2017-09-29] (Microsoft Corporation)
S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [286208 2017-09-29] (Microsoft Corporation)
S3 vmicvss; C:\WINDOWS\System32\icsvcext.dll [309760 2017-09-29] (Microsoft Corporation)
S3 VSS; C:\WINDOWS\system32\vssvc.exe [1558016 2017-09-29] (Microsoft Corporation)
S3 W32Time; C:\WINDOWS\system32\w32time.dll [563712 2017-09-29] (Microsoft Corporation)
S3 WalletService; C:\WINDOWS\system32\WalletService.dll [431104 2017-09-29] (Microsoft Corporation)
S3 WarpJITSvc; C:\WINDOWS\System32\Windows.WARP.JITService.dll [30720 2017-09-29] (Microsoft Corporation)
S3 wbengine; C:\WINDOWS\system32\wbengine.exe [1526784 2017-09-29] (Microsoft Corporation)
S3 WbioSrvc; C:\WINDOWS\System32\wbiosrvc.dll [975872 2017-09-29] (Microsoft Corporation)
R2 Wcmsvc; C:\WINDOWS\System32\wcmsvc.dll [889856 2017-09-29] (Microsoft Corporation)
S3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [465920 2018-01-01] (Microsoft Corporation)
R3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [99328 2017-09-29] (Microsoft Corporation)
R3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2017-09-29] (Microsoft Corporation)
S3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [99328 2017-09-29] (Microsoft Corporation)
S3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2017-09-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [217088 2017-09-29] (Microsoft Corporation)
S3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [189952 2017-09-29] (Microsoft Corporation)
S3 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [201216 2017-09-29] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [27648 2017-09-29] (Microsoft Corporation)
S3 wercplsupport; C:\WINDOWS\System32\wercplsupport.dll [108544 2017-09-29] (Microsoft Corporation)
S3 WerSvc; C:\WINDOWS\System32\WerSvc.dll [187904 2017-09-29] (Microsoft Corporation)
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [622080 2017-09-29] (Microsoft Corporation)
S3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [81920 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\WINDOWS\system32\winhttp.dll [902416 2018-01-01] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\WINDOWS\SysWOW64\winhttp.dll [703568 2018-01-01] (Microsoft Corporation)
R2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [220160 2017-09-29] (Microsoft Corporation)
S3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2843136 2017-09-29] (Microsoft Corporation)
S3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2385920 2017-09-29] (Microsoft Corporation)
S3 wisvc; C:\WINDOWS\system32\flightsettings.dll [779264 2017-09-29] (Microsoft Corporation)
R2 WlanSvc; C:\WINDOWS\System32\wlansvc.dll [2528256 2018-01-01] (Microsoft Corporation)
S3 wlidsvc; C:\WINDOWS\system32\wlidsvc.dll [2223104 2017-09-29] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1346560 2017-09-29] (Microsoft Corporation)
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [201216 2017-09-29] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1177600 2017-09-28] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1827328 2017-09-29] (Microsoft Corporation)
S3 WPDBusEnum; C:\WINDOWS\system32\wpdbusenum.dll [82944 2017-09-29] (Microsoft Corporation)
R2 WpnService; C:\WINDOWS\system32\WpnService.dll [284672 2017-09-29] (Microsoft Corporation)
S2 WpnUserService; C:\WINDOWS\System32\WpnUserService.dll [72704 2017-09-29] (Microsoft Corporation)
R2 WpnUserService_3621b8; C:\WINDOWS\system32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R2 WpnUserService_3621b8; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
R2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [246784 2017-09-29] (Microsoft Corporation)
R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [982016 2017-09-29] (Microsoft Corporation)
R2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [826880 2017-09-29] (Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\wuaueng.dll [2783744 2017-11-26] (Microsoft Corporation)
S3 WwanSvc; C:\WINDOWS\System32\wwansvc.dll [1424896 2018-01-01] (Microsoft Corporation)
S3 xbgm; C:\WINDOWS\system32\xbgmsvc.exe [59512 2017-09-29] (Microsoft Corporation)
S3 XblAuthManager; C:\WINDOWS\System32\XblAuthManager.dll [1107968 2017-09-29] (Microsoft Corporation)
S3 XblGameSave; C:\WINDOWS\System32\XblGameSave.dll [1272320 2017-09-29] (Microsoft Corporation)
S3 XboxGipSvc; C:\WINDOWS\System32\XboxGipSvc.dll [57856 2017-09-29] (Microsoft Corporation)
R3 XboxNetApiSvc; C:\WINDOWS\system32\XboxNetApiSvc.dll [1143808 2017-09-29] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-22 08:02 - 2018-01-22 08:02 - 000000000 ____D C:\Users\pp\AppData\Roaming\Macromedia
2018-01-22 07:55 - 2018-01-22 07:55 - 000000258 __RSH C:\Users\pp\ntuser.pol
2018-01-22 07:26 - 2018-01-22 07:26 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3542715463-485064358-3187586401-1001
2018-01-22 06:05 - 2018-01-22 06:05 - 000020622 _____ C:\Users\pp\Desktop\Shortcut.txt
2018-01-22 06:05 - 2018-01-22 06:05 - 000019018 _____ C:\Users\pp\Desktop\Addition.txt
2018-01-22 06:03 - 2018-01-22 13:42 - 000110557 _____ C:\Users\pp\Desktop\FRST.txt
2018-01-22 06:03 - 2018-01-22 13:42 - 000000000 ____D C:\FRST
2018-01-22 06:02 - 2018-01-22 06:02 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-22 06:02 - 2018-01-22 06:02 - 000000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-01-22 06:02 - 2018-01-22 06:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-22 06:02 - 2018-01-22 06:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-22 05:25 - 2018-01-22 05:25 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-22 05:25 - 2018-01-22 05:25 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-22 05:25 - 2018-01-22 05:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-22 05:25 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-22 05:24 - 2018-01-22 05:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-22 05:24 - 2018-01-22 05:24 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-22 05:23 - 2018-01-22 05:25 - 000096112 _____ C:\TDSSKiller.3.1.0.15_22.01.2018_05.23.09_log.txt
2018-01-22 05:21 - 2018-01-22 05:22 - 000002466 _____ C:\Users\pp\Desktop\Rkill.txt
2018-01-22 05:21 - 2018-01-22 05:21 - 000000000 ____D C:\Users\pp\Desktop\rkill
2018-01-22 05:18 - 2018-01-22 05:16 - 083316440 _____ (Malwarebytes ) C:\Users\pp\Desktop\mb3-setup-1878.1878-3.3.1.2183.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 008206624 _____ (Malwarebytes) C:\Users\pp\Desktop\AdwCleaner.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 005660870 _____ (Swearware) C:\Users\pp\Desktop\ComboFix.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 004922400 _____ (AO Kaspersky Lab) C:\Users\pp\Desktop\tdsskiller.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 002393088 _____ (Farbar) C:\Users\pp\Desktop\FRST64.exe
2018-01-22 05:18 - 2018-01-22 05:16 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\pp\Desktop\rkill.exe
2018-01-21 11:56 - 2018-01-21 11:56 - 000000000 ____D C:\Users\pp\AppData\Local\MicrosoftEdge
2018-01-21 10:53 - 2018-01-21 10:53 - 000000000 ____D C:\Users\pp\AppData\Local\Comms
2018-01-21 10:47 - 2018-01-21 10:47 - 000000000 ____D C:\Users\pp\AppData\Local\Microsoft_Corporation
2018-01-21 10:44 - 2018-01-21 10:44 - 000000000 ____D C:\Users\pp\AppData\Local\DBG
2018-01-21 10:39 - 2018-01-21 11:54 - 000000000 ___RD C:\Users\pp\OneDrive
2018-01-21 10:37 - 2018-01-21 10:37 - 000000000 ____D C:\ProgramData\USOShared
2018-01-21 10:37 - 2018-01-21 10:37 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-01-21 10:36 - 2018-01-21 10:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-21 10:36 - 2018-01-21 10:36 - 000000000 ____D C:\Users\pp\AppData\Local\Publishers
2018-01-21 10:35 - 2018-01-22 07:55 - 000000000 ____D C:\Users\pp
2018-01-21 10:35 - 2018-01-22 07:41 - 000000000 ____D C:\Users\pp\AppData\Local\Packages
2018-01-21 10:35 - 2018-01-21 11:53 - 000862320 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-21 10:35 - 2018-01-21 10:35 - 000000020 ___SH C:\Users\pp\ntuser.ini
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ___RD C:\Users\pp\3D Objects
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Roaming\Synaptics
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Roaming\Adobe
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Local\VirtualStore
2018-01-21 10:35 - 2018-01-21 10:35 - 000000000 ____D C:\Users\pp\AppData\Local\ConnectedDevicesPlatform
2018-01-21 10:32 - 2017-09-29 05:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 _SHDL C:\Users\Default User
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 _SHDL C:\Users\All Users
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 _SHDL C:\Documents and Settings
2018-01-21 10:31 - 2018-01-21 10:31 - 000000000 ____D C:\ProgramData\Synaptics
2018-01-21 10:27 - 2018-01-21 10:27 - 000077175 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-01-21 10:27 - 2018-01-21 10:27 - 000003222 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_Session
2018-01-21 10:27 - 2018-01-21 10:27 - 000003194 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-01-21 10:27 - 2018-01-21 10:27 - 000002058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\ProgramData\SRS Labs
2018-01-21 10:27 - 2018-01-21 10:27 - 000000000 ____D C:\Program Files\Realtek
2018-01-21 10:26 - 2018-01-21 11:49 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-21 10:26 - 2018-01-21 11:49 - 000000000 ____D C:\Intel
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____D C:\Program Files\Intel
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 ____D C:\Program Files (x86)\Intel
2018-01-21 10:26 - 2018-01-21 10:26 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-01-21 10:26 - 2017-05-15 00:55 - 000103912 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-01-21 10:26 - 2017-05-15 00:55 - 000099816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-01-21 10:25 - 2018-01-22 13:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-21 10:25 - 2018-01-21 11:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-21 10:25 - 2018-01-21 10:25 - 000222832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-21 10:25 - 2018-01-21 10:25 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-01-21 10:12 - 2018-01-21 10:13 - 000000000 ____D C:\Windows.old
2018-01-21 10:12 - 2018-01-21 10:12 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-01-21 10:12 - 2018-01-21 10:12 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-01-21 10:11 - 2018-01-21 10:11 - 000000000 ____D C:\Program Files\Synaptics
2018-01-21 10:09 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\Setup
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-01-21 10:05 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-01-21 10:05 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\0409
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\OCR
2018-01-21 10:05 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-01-21 10:02 - 2017-12-22 05:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-01-21 10:02 - 2017-12-22 05:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-21 09:59 - 2018-01-21 09:55 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-01-21 09:59 - 2018-01-21 09:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-01-21 09:59 - 2018-01-21 09:55 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-01-21 09:58 - 2018-01-22 12:04 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-21 09:58 - 2018-01-22 07:55 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-21 09:58 - 2018-01-22 07:41 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-21 09:58 - 2018-01-22 06:02 - 000000000 ___RD C:\Program Files (x86)
2018-01-21 09:58 - 2018-01-21 10:37 - 000000000 ____D C:\ProgramData\USOPrivate
2018-01-21 09:58 - 2018-01-21 10:32 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-01-21 09:58 - 2018-01-21 10:32 - 000000000 ____D C:\WINDOWS\system32\spool
2018-01-21 09:58 - 2018-01-21 10:32 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-01-21 09:58 - 2018-01-21 10:29 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-01-21 09:58 - 2018-01-21 10:28 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-01-21 09:58 - 2018-01-21 10:28 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-01-21 09:58 - 2018-01-21 10:12 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-01-21 09:58 - 2018-01-21 10:09 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-21 09:58 - 2018-01-21 10:08 - 000000000 ____D C:\Program Files\Windows Defender
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\setup
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\system32\com
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\IME
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\Help
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files\Common Files\system
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-01-21 09:58 - 2018-01-21 10:05 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-01-21 09:58 - 2018-01-21 09:59 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __RSD C:\WINDOWS\media
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 __RHD C:\Users\Public\Libraries
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Web
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Vss
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\tracing
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\TAPI
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SystemResources
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SystemApps
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\ras
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\IME
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\ias
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\System
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SKB
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\security
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\schemas
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\SchCache
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Resources
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\rescache
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Registration
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\PLA
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Performance
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\InputMethod
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Globalization
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Cursors
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\Branding
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\appcompat
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\addins
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Windows Security
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\windows nt
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files\Common Files\Services
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-01-21 09:58 - 2018-01-21 09:58 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-01-21 09:58 - 2018-01-21 09:55 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-01-21 09:58 - 2018-01-21 09:55 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-01-21 09:58 - 2018-01-21 09:55 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2018-01-21 09:58 - 2018-01-21 09:55 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-01-21 09:58 - 2018-01-21 09:55 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2018-01-21 09:58 - 2018-01-21 09:55 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-01-21 09:58 - 2018-01-21 09:55 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2018-01-21 09:58 - 2018-01-21 09:55 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-01-21 09:58 - 2018-01-21 09:55 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-01-21 09:58 - 2018-01-21 09:55 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2018-01-21 09:58 - 2018-01-21 09:55 - 000000219 _____ C:\WINDOWS\system.ini
2018-01-21 09:58 - 2018-01-21 09:55 - 000000092 _____ C:\WINDOWS\win.ini
2018-01-21 09:56 - 2018-01-22 08:49 - 000000000 ____D C:\WINDOWS\INF
2018-01-21 09:51 - 2018-01-21 11:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-21 09:49 - 2018-01-21 11:48 - 080216064 _____ C:\WINDOWS\system32\config\SYSTEM
2018-01-21 09:49 - 2018-01-21 11:48 - 070516736 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-01-21 09:49 - 2018-01-21 11:48 - 000262144 _____ C:\WINDOWS\system32\config\DEFAULT
2018-01-21 09:49 - 2018-01-21 11:48 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-01-21 09:49 - 2018-01-21 11:48 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2018-01-21 09:49 - 2018-01-21 10:31 - 000000000 ____D C:\WINDOWS\Panther
2018-01-21 09:49 - 2018-01-21 10:26 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-21 09:49 - 2018-01-21 10:05 - 000000000 ____D C:\WINDOWS\servicing
2018-01-21 09:49 - 2018-01-21 10:03 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2018-01-21 09:49 - 2018-01-21 09:58 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-01-21 09:36 - 2018-01-21 10:13 - 000000000 ___HD C:\$SysReset
2018-01-16 14:11 - 2017-08-18 02:23 - 000055384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2018-01-16 14:11 - 2017-08-18 02:23 - 000053848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF.sys
2018-01-16 13:59 - 2018-01-01 04:50 - 005905752 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-16 13:59 - 2018-01-01 04:49 - 008605080 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-16 13:59 - 2018-01-01 04:48 - 007831760 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-16 13:59 - 2018-01-01 04:41 - 007676296 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-16 13:59 - 2018-01-01 04:38 - 003904808 ____N (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-16 13:59 - 2018-01-01 04:34 - 007385088 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-16 13:59 - 2018-01-01 04:23 - 021352144 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-16 13:59 - 2018-01-01 03:45 - 006092152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-16 13:59 - 2018-01-01 03:42 - 006479552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-16 13:59 - 2018-01-01 03:37 - 025247232 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-16 13:59 - 2018-01-01 03:24 - 003668480 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-16 13:59 - 2018-01-01 03:20 - 019337216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-16 13:59 - 2018-01-01 03:20 - 018917888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-16 13:59 - 2018-01-01 03:19 - 008014848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-16 13:59 - 2018-01-01 03:17 - 011923968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-16 13:59 - 2018-01-01 03:15 - 012687872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-16 13:59 - 2018-01-01 03:15 - 006029312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-16 13:59 - 2018-01-01 03:14 - 023655936 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-16 13:59 - 2018-01-01 03:13 - 013657600 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-16 13:59 - 2018-01-01 03:13 - 012830208 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 008108544 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 004748288 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-16 13:59 - 2018-01-01 03:11 - 003165696 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-16 13:59 - 2017-12-07 14:10 - 006466048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-01-16 13:59 - 2017-12-07 14:02 - 007545344 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-01-16 13:59 - 2017-11-26 12:35 - 017084416 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-01-16 13:59 - 2017-11-26 12:32 - 021754368 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-01-16 13:59 - 2017-11-26 05:29 - 003010720 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-01-16 13:59 - 2017-11-26 05:29 - 002573208 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-01-16 13:59 - 2017-11-26 05:27 - 002446744 ____N (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-01-16 13:59 - 2017-11-26 05:23 - 001694224 ____N (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-01-16 13:59 - 2017-11-26 04:18 - 003186688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-01-16 13:59 - 2017-11-26 04:08 - 017159680 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-01-16 13:59 - 2017-11-26 04:04 - 002596352 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-01-16 13:59 - 2017-11-26 04:03 - 002783744 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-01-16 13:59 - 2017-11-26 03:59 - 004814848 ____N (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-01-16 13:59 - 2017-11-26 03:01 - 002339296 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-01-16 13:59 - 2017-11-26 02:36 - 013703168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-01-16 13:59 - 2017-11-26 02:28 - 004249600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-01-16 13:59 - 2017-11-18 23:35 - 003331520 ____N C:\WINDOWS\system32\Windows.Mirage.dll
2018-01-16 13:59 - 2017-11-18 18:20 - 002491112 ____N C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-01-16 13:59 - 2017-10-24 20:27 - 006791472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-01-16 13:59 - 2017-10-24 20:20 - 002717392 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-01-16 13:59 - 2017-10-24 19:22 - 006015200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-01-16 13:59 - 2017-10-24 19:22 - 002465848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-01-16 13:59 - 2017-10-24 19:13 - 002972672 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-01-16 13:59 - 2017-10-09 22:49 - 001554216 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-01-16 13:58 - 2018-01-01 09:15 - 000956416 ____N (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-16 13:58 - 2018-01-01 04:54 - 000924648 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-16 13:58 - 2018-01-01 04:53 - 001090984 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-16 13:58 - 2018-01-01 04:52 - 000066712 ____N (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-16 13:58 - 2018-01-01 04:51 - 001414784 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-16 13:58 - 2018-01-01 04:51 - 001209240 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-16 13:58 - 2018-01-01 04:51 - 001055128 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-16 13:58 - 2018-01-01 04:51 - 000191816 ____N (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-16 13:58 - 2018-01-01 04:51 - 000059800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-16 13:58 - 2018-01-01 04:50 - 000780464 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-16 13:58 - 2018-01-01 04:50 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-16 13:58 - 2018-01-01 04:50 - 000077208 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-16 13:58 - 2018-01-01 04:49 - 000599448 ____N (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-16 13:58 - 2018-01-01 04:49 - 000319352 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-16 13:58 - 2018-01-01 04:49 - 000292376 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-16 13:58 - 2018-01-01 04:48 - 001954048 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-16 13:58 - 2018-01-01 04:48 - 000382360 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-16 13:58 - 2018-01-01 04:47 - 000649304 ____N (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-16 13:58 - 2018-01-01 04:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-16 13:58 - 2018-01-01 04:46 - 002709704 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-16 13:58 - 2018-01-01 04:46 - 000898216 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-16 13:58 - 2018-01-01 04:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-16 13:58 - 2018-01-01 04:46 - 000471960 ____N (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-16 13:58 - 2018-01-01 04:45 - 002395032 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-16 13:58 - 2018-01-01 04:45 - 001277848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-16 13:58 - 2018-01-01 04:45 - 000398744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-16 13:58 - 2018-01-01 04:43 - 001173576 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-16 13:58 - 2018-01-01 04:43 - 000367336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-16 13:58 - 2018-01-01 04:43 - 000062872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-16 13:58 - 2018-01-01 04:42 - 001029016 ____N (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-16 13:58 - 2018-01-01 04:42 - 000494488 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000184984 ____N (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-16 13:58 - 2018-01-01 04:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-16 13:58 - 2018-01-01 04:41 - 000559512 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-16 13:58 - 2018-01-01 04:41 - 000549552 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-16 13:58 - 2018-01-01 04:40 - 001206680 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-16 13:58 - 2018-01-01 04:39 - 000902416 ____N (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-16 13:58 - 2018-01-01 04:39 - 000677784 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-16 13:58 - 2018-01-01 04:39 - 000508264 ____N (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-16 13:58 - 2018-01-01 04:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-16 13:58 - 2018-01-01 04:39 - 000129432 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000727448 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000519152 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-16 13:58 - 2018-01-01 04:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-16 13:58 - 2018-01-01 04:38 - 000038808 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-16 13:58 - 2018-01-01 04:37 - 001426664 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-16 13:58 - 2018-01-01 04:37 - 000461720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-16 13:58 - 2018-01-01 04:36 - 000413888 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-16 13:58 - 2018-01-01 04:36 - 000374032 ____N (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-16 13:58 - 2018-01-01 04:36 - 000166296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-16 13:58 - 2018-01-01 04:36 - 000113560 ____N (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-16 13:58 - 2018-01-01 04:36 - 000057752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-16 13:58 - 2018-01-01 04:35 - 001170008 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-16 13:58 - 2018-01-01 04:35 - 000075160 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 001336344 ____N (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 000260896 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-16 13:58 - 2018-01-01 04:34 - 000087384 ____N (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-16 13:58 - 2018-01-01 04:33 - 002773400 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-16 13:58 - 2018-01-01 04:33 - 000603920 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-16 13:58 - 2018-01-01 04:32 - 004481240 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-16 13:58 - 2018-01-01 04:32 - 000617304 ____N (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-16 13:58 - 2018-01-01 04:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-16 13:58 - 2018-01-01 04:27 - 000163736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-16 13:58 - 2018-01-01 04:26 - 000428952 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-16 13:58 - 2018-01-01 04:26 - 000081304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-16 13:58 - 2018-01-01 04:25 - 000615768 ____N (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-16 13:58 - 2018-01-01 04:25 - 000147864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-16 13:58 - 2018-01-01 04:21 - 001103768 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-16 13:58 - 2018-01-01 04:21 - 000614296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-16 13:58 - 2018-01-01 04:06 - 000311192 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000777904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000650328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-16 13:58 - 2018-01-01 04:03 - 000566664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-16 13:58 - 2018-01-01 04:03 - 000123512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-16 13:58 - 2018-01-01 03:53 - 001615712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-16 13:58 - 2018-01-01 03:49 - 000481464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-16 13:58 - 2018-01-01 03:49 - 000258808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-16 13:58 - 2018-01-01 03:46 - 003485392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-16 13:58 - 2018-01-01 03:46 - 000289816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 005615968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 002192624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-16 13:58 - 2018-01-01 03:45 - 000450928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-16 13:58 - 2018-01-01 03:43 - 020286120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 004644912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 001246432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 001003152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000982528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000386424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000129184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-16 13:58 - 2018-01-01 03:42 - 000074992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-16 13:58 - 2018-01-01 03:34 - 000703568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 002905600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-16 13:58 - 2018-01-01 03:25 - 001008640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000475648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-16 13:58 - 2018-01-01 03:25 - 000097792 ____N C:\WINDOWS\system32\runexehelper.exe
2018-01-16 13:58 - 2018-01-01 03:24 - 000240640 ____N (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000202240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000096256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-16 13:58 - 2018-01-01 03:24 - 000038912 ____N (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 001313792 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000561152 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-16 13:58 - 2018-01-01 03:23 - 000250368 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000232960 ____N (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-16 13:58 - 2018-01-01 03:23 - 000121344 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-16 13:58 - 2018-01-01 03:23 - 000080384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-16 13:58 - 2018-01-01 03:23 - 000047104 ____N (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-16 13:58 - 2018-01-01 03:22 - 000031744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-16 13:58 - 2018-01-01 03:22 - 000025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-16 13:58 - 2018-01-01 03:22 - 000017408 ____N (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000268288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000233984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-16 13:58 - 2018-01-01 03:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000080896 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-16 13:58 - 2018-01-01 03:21 - 000062976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000524288 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000459776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000397824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000225792 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000215552 ____N (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000212992 ____N (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000204288 ____N (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000186368 ____N (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000175616 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000134656 ____N (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000104960 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000082432 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-16 13:58 - 2018-01-01 03:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-16 13:58 - 2018-01-01 03:20 - 000035328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000795136 ____N (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000675328 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000461312 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000450048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000430080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000416768 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-16 13:58 - 2018-01-01 03:19 - 000369152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000365568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000340480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-16 13:58 - 2018-01-01 03:19 - 000334848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000316928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-16 13:58 - 2018-01-01 03:19 - 000188416 ____N (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000174592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000149504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000142848 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000097792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000093696 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000079872 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000073216 ____N (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-16 13:58 - 2018-01-01 03:19 - 000063488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-16 13:58 - 2018-01-01 03:19 - 000043008 ____N (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000748032 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000699904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000465920 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000436224 ____N (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000431616 ____N (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000427008 ____N (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000425984 ____N (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000391168 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000380928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000374784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000369664 ____N (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000343040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000276480 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000261632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000210944 ____N (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000144896 ____N (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-16 13:58 - 2018-01-01 03:18 - 000082944 ____N (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 006564864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 001485312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000791552 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000616960 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000594432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000568832 ____N (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000559104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000555520 ____N (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000542208 ____N (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000423936 ____N (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000341504 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-16 13:58 - 2018-01-01 03:17 - 000228352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-16 13:58 - 2018-01-01 03:17 - 000112640 ____N (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 005833216 ____N (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 004839424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 003676672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000966656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000956928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000831488 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000815616 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000812544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000720896 ____N (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000668160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000664576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000624128 ____N (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000594944 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000463360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000401920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000235008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000086528 ____N (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-16 13:58 - 2018-01-01 03:16 - 000076288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 002349568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 001657856 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 001245184 ____N (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000970240 ____N (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000951808 ____N (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000756736 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000434176 ____N (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-16 13:58 - 2018-01-01 03:15 - 000258560 ____N (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 002465280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001495040 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001097728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 001003008 ____N (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000985600 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000917504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-16 13:58 - 2018-01-01 03:14 - 000870912 ____N (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 003121664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 002869760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 002013184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-16 13:58 - 2018-01-01 03:13 - 001559552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 001474560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-16 13:58 - 2018-01-01 03:13 - 000897024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 002633216 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 002208768 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001573376 ____N (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001547776 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 001424896 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-16 13:58 - 2018-01-01 03:12 - 000760320 ____N (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-16 13:58 - 2018-01-01 03:12 - 000464384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 003334144 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 002082304 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-16 13:58 - 2018-01-01 03:11 - 001822208 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001816576 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001597952 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001343488 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 001231872 ____N (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000880640 ____N (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000812032 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-16 13:58 - 2018-01-01 03:11 - 000715776 ____N (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-16 13:58 - 2018-01-01 03:10 - 003126272 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-16 13:58 - 2018-01-01 03:10 - 002528256 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-16 13:58 - 2018-01-01 03:10 - 000012800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 001487872 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000925184 ____N (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000666624 ____N (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-16 13:58 - 2018-01-01 03:09 - 000599552 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000963072 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000726016 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-16 13:58 - 2018-01-01 03:08 - 000685056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-16 13:58 - 2018-01-01 03:08 - 000505344 ____N (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-16 13:58 - 2018-01-01 03:06 - 000018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 002510848 ____N (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 001160704 ____N (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-16 13:58 - 2018-01-01 03:05 - 000050176 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-16 13:58 - 2017-12-07 22:52 - 000666112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-01-16 13:58 - 2017-12-07 15:34 - 001925296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-01-16 13:58 - 2017-12-07 15:34 - 001634288 ____N (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-01-16 13:58 - 2017-12-07 15:28 - 000710912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-01-16 13:58 - 2017-12-07 15:28 - 000630752 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2018-01-16 13:58 - 2017-12-07 15:27 - 004504456 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-01-16 13:58 - 2017-12-07 15:26 - 000525208 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-01-16 13:58 - 2017-12-07 15:24 - 000705944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-01-16 13:58 - 2017-12-07 15:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-01-16 13:58 - 2017-12-07 15:24 - 000246168 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 001003104 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 000979352 ____N (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-01-16 13:58 - 2017-12-07 15:22 - 000137544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-01-16 13:58 - 2017-12-07 15:16 - 001776272 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-01-16 13:58 - 2017-12-07 15:15 - 000721592 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-01-16 13:58 - 2017-12-07 15:12 - 000401304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2018-01-16 13:58 - 2017-12-07 14:56 - 001528904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-01-16 13:58 - 2017-12-07 14:55 - 001490328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-01-16 13:58 - 2017-12-07 14:55 - 000097144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-01-16 13:58 - 2017-12-07 14:37 - 001145104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-01-16 13:58 - 2017-12-07 14:36 - 000769096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2018-01-16 13:58 - 2017-12-07 14:33 - 000747416 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-01-16 13:58 - 2017-12-07 14:33 - 000592280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-01-16 13:58 - 2017-12-07 14:31 - 001522176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-01-16 13:58 - 2017-12-07 14:12 - 000101376 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2018-01-16 13:58 - 2017-12-07 14:10 - 000150528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-01-16 13:58 - 2017-12-07 14:10 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 001663488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 000235520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-01-16 13:58 - 2017-12-07 14:09 - 000147456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-01-16 13:58 - 2017-12-07 14:09 - 000143360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-01-16 13:58 - 2017-12-07 14:09 - 000136704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000514560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000206336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-01-16 13:58 - 2017-12-07 14:08 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000254976 ____N (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000246272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000172544 ____N (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-01-16 13:58 - 2017-12-07 14:07 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-01-16 13:58 - 2017-12-07 14:06 - 000676352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-01-16 13:58 - 2017-12-07 14:06 - 000174080 ____N (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2018-01-16 13:58 - 2017-12-07 14:06 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-01-16 13:58 - 2017-12-07 14:05 - 001670656 ____N (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000559616 ____N (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000539136 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000481792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000363008 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000306688 ____N (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000222208 ____N (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-01-16 13:58 - 2017-12-07 14:05 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-01-16 13:58 - 2017-12-07 14:05 - 000019456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2018-01-16 13:58 - 2017-12-07 14:04 - 001498112 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-01-16 13:58 - 2017-12-07 14:04 - 001321472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 001230848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000841728 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000308736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-16 13:58 - 2017-12-07 14:03 - 000085504 ____N (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 002864640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 002117632 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2018-01-16 13:58 - 2017-12-07 14:02 - 000496640 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 004592640 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 001980928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 000601088 ____N (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-01-16 13:58 - 2017-12-07 14:01 - 000021504 ____N (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2018-01-16 13:58 - 2017-12-07 14:00 - 001509888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-01-16 13:58 - 2017-12-07 13:59 - 002105856 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-01-16 13:58 - 2017-12-07 13:59 - 001666048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-01-16 13:58 - 2017-12-07 13:59 - 001058304 ____N (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 003478016 ____N (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 003211776 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-01-16 13:58 - 2017-12-07 13:58 - 001353728 ____N (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-01-16 13:58 - 2017-12-07 13:56 - 002666496 ____N (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2018-01-16 13:58 - 2017-12-07 13:56 - 001739264 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-01-16 13:58 - 2017-12-07 13:54 - 001570816 ____N (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-01-16 13:58 - 2017-11-26 12:15 - 000882688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-01-16 13:58 - 2017-11-26 08:43 - 000618496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-01-16 13:58 - 2017-11-26 05:45 - 001642520 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-01-16 13:58 - 2017-11-26 05:45 - 000264040 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-01-16 13:58 - 2017-11-26 05:45 - 000198888 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-01-16 13:58 - 2017-11-26 05:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-01-16 13:58 - 2017-11-26 05:38 - 001636376 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-01-16 13:58 - 2017-11-26 05:32 - 000373656 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-01-16 13:58 - 2017-11-26 05:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-01-16 13:58 - 2017-11-26 05:30 - 001488792 ____N (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000891800 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-01-16 13:58 - 2017-11-26 05:29 - 000840440 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000749976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-01-16 13:58 - 2017-11-26 05:29 - 000703536 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-01-16 13:58 - 2017-11-26 05:29 - 000436120 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 001259344 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 001012120 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2018-01-16 13:58 - 2017-11-26 05:28 - 000495000 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-01-16 13:58 - 2017-11-26 05:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-01-16 13:58 - 2017-11-26 05:27 - 002412168 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-16 13:58 - 2017-11-26 05:27 - 000464408 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-01-16 13:58 - 2017-11-26 05:27 - 000230296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-01-16 13:58 - 2017-11-26 05:26 - 000048112 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-01-16 13:58 - 2017-11-26 05:23 - 001054280 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-01-16 13:58 - 2017-11-26 05:23 - 000754688 ____N (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-01-16 13:58 - 2017-11-26 05:22 - 000404888 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-01-16 13:58 - 2017-11-26 05:21 - 001585376 ____N (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-01-16 13:58 - 2017-11-26 05:21 - 000654048 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-01-16 13:58 - 2017-11-26 04:57 - 001664000 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 001289216 ____N (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000329728 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000301056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000211456 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-01-16 13:58 - 2017-11-26 04:55 - 000175104 ____N (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-01-16 13:58 - 2017-11-26 04:55 - 000084992 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-01-16 13:58 - 2017-11-26 04:54 - 000327680 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-01-16 13:58 - 2017-11-26 04:54 - 000092160 ____N (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-16 13:58 - 2017-11-26 04:47 - 002890240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-01-16 13:58 - 2017-11-26 04:43 - 000239104 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000169472 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000168448 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2018-01-16 13:58 - 2017-11-26 04:36 - 000041472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2018-01-16 13:58 - 2017-11-26 04:35 - 000170496 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2018-01-16 13:58 - 2017-11-26 04:35 - 000057856 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-01-16 13:58 - 2017-11-26 04:34 - 000126464 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2018-01-16 13:58 - 2017-11-26 04:33 - 000361984 ____N (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2018-01-16 13:58 - 2017-11-26 04:31 - 000529408 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-01-16 13:58 - 2017-11-26 04:31 - 000115200 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-01-16 13:58 - 2017-11-26 04:29 - 000474112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2018-01-16 13:58 - 2017-11-26 04:29 - 000238080 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-01-16 13:58 - 2017-11-26 04:28 - 000394752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-01-16 13:58 - 2017-11-26 04:26 - 000830464 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2018-01-16 13:58 - 2017-11-26 04:26 - 000770048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-01-16 13:58 - 2017-11-26 04:26 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 001425408 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000516096 ____N (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000354304 ____N (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000292864 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-01-16 13:58 - 2017-11-26 04:25 - 000266752 ____N (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-01-16 13:58 - 2017-11-26 04:19 - 001167360 ____N (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-01-16 13:58 - 2017-11-26 04:19 - 000887296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-01-16 13:58 - 2017-11-26 04:19 - 000059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2018-01-16 13:58 - 2017-11-26 04:18 - 000556544 ____N (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-01-16 13:58 - 2017-11-26 04:17 - 001054720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-01-16 13:58 - 2017-11-26 04:05 - 000462336 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-01-16 13:58 - 2017-11-26 04:04 - 003578368 ____N (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-01-16 13:58 - 2017-11-26 04:03 - 004772352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-01-16 13:58 - 2017-11-26 04:00 - 000899584 ____N (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-01-16 13:58 - 2017-11-26 03:59 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-01-16 13:58 - 2017-11-26 03:58 - 000151040 ____N (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2018-01-16 13:58 - 2017-11-26 03:48 - 000534528 ____N (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2018-01-16 13:58 - 2017-11-26 03:48 - 000079360 ____N (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2018-01-16 13:58 - 2017-11-26 03:21 - 001474680 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-01-16 13:58 - 2017-11-26 03:21 - 001432816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-01-16 13:58 - 2017-11-26 03:02 - 001124760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000791960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-01-16 13:58 - 2017-11-26 03:01 - 000746904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000590944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000506256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2018-01-16 13:58 - 2017-11-26 03:01 - 000354200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-01-16 13:58 - 2017-11-26 03:00 - 001990160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-16 13:58 - 2017-11-26 03:00 - 000353848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-01-16 13:58 - 2017-11-26 02:58 - 001148216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-01-16 13:58 - 2017-11-26 02:58 - 001057824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-01-16 13:58 - 2017-11-26 02:51 - 001558856 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-01-16 13:58 - 2017-11-26 02:51 - 000661664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 002393600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 001470976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000372224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-01-16 13:58 - 2017-11-26 02:41 - 000065536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-16 13:58 - 2017-11-26 02:40 - 000160256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-01-16 13:58 - 2017-11-26 02:38 - 000271872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2018-01-16 13:58 - 2017-11-26 02:37 - 000098304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000444928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000351232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2018-01-16 13:58 - 2017-11-26 02:36 - 000315392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000557056 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000293888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-01-16 13:58 - 2017-11-26 02:35 - 000242176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-01-16 13:58 - 2017-11-26 02:31 - 000660480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-01-16 13:58 - 2017-11-26 02:31 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-01-16 13:58 - 2017-11-26 02:30 - 004385280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-01-16 13:58 - 2017-11-26 02:30 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-01-16 13:58 - 2017-11-26 02:29 - 000823808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-01-16 13:58 - 2017-11-26 02:24 - 000614912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2018-01-16 13:58 - 2017-11-26 02:24 - 000068096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2018-01-16 13:58 - 2017-10-25 01:11 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2018-01-16 13:58 - 2017-10-24 20:41 - 000362176 ____N (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2018-01-16 13:58 - 2017-10-24 20:40 - 000612760 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-01-16 13:58 - 2017-10-24 20:40 - 000269696 ____N C:\WINDOWS\system32\FaceProcessorCore.dll
2018-01-16 13:58 - 2017-10-24 20:39 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2018-01-16 13:58 - 2017-10-24 20:37 - 000610712 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-01-16 13:58 - 2017-10-24 20:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-01-16 13:58 - 2017-10-24 20:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-01-16 13:58 - 2017-10-24 20:29 - 002269080 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 20:29 - 001507736 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-01-16 13:58 - 2017-10-24 20:27 - 001970520 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001454568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001377080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:27 - 001015008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000975872 ____N C:\WINDOWS\system32\FaceProcessor.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000135168 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000095744 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-01-16 13:58 - 2017-10-24 19:18 - 000056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-01-16 13:58 - 2017-10-24 19:16 - 000227328 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-01-16 13:58 - 2017-10-24 19:16 - 000114688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2018-01-16 13:58 - 2017-10-24 19:14 - 000046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2018-01-16 13:58 - 2017-10-24 19:12 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-01-16 13:58 - 2017-10-24 19:11 - 000768512 ____N (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-01-16 13:58 - 2017-10-24 19:09 - 001806336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-01-16 13:58 - 2017-10-24 19:08 - 000654848 ____N (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2018-01-16 13:58 - 2017-10-24 19:08 - 000487424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-01-16 13:58 - 2017-10-24 19:07 - 000064512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2018-01-16 13:58 - 2017-10-24 19:05 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2018-01-16 13:58 - 2017-10-24 19:04 - 000124928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2018-01-16 13:58 - 2017-10-24 19:04 - 000041984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2018-01-16 13:58 - 2017-10-24 19:02 - 000591872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-01-16 13:58 - 2017-10-24 18:58 - 001280000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2018-01-16 13:58 - 2017-10-24 18:54 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2018-01-16 13:58 - 2017-10-19 21:08 - 000339968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-01-16 13:58 - 2017-10-09 23:11 - 000739696 ____N (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-01-16 13:58 - 2017-10-09 22:54 - 001463856 ____N (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-01-16 13:58 - 2017-10-09 22:49 - 000060824 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2018-01-16 13:58 - 2017-10-09 22:43 - 000418712 ____N (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2018-01-16 13:58 - 2017-10-09 22:31 - 001323840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-01-16 13:58 - 2017-10-09 22:11 - 000597160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-01-16 13:58 - 2017-10-09 22:07 - 001261864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-01-16 13:58 - 2017-10-09 22:06 - 000353688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2018-01-16 13:58 - 2017-10-09 21:43 - 000566272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2018-01-16 13:58 - 2017-10-09 21:43 - 000070656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2018-01-16 13:58 - 2017-10-09 21:42 - 000326144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2018-01-16 13:58 - 2017-10-09 21:34 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-01-16 13:58 - 2017-10-09 21:34 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-01-16 13:58 - 2017-10-09 21:33 - 000086016 ____N (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2018-01-16 13:58 - 2017-10-09 21:33 - 000058880 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2018-01-16 13:58 - 2017-10-09 21:31 - 000665088 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2018-01-16 13:58 - 2017-10-09 21:31 - 000478208 ____N (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2018-01-16 13:58 - 2017-10-09 21:30 - 000442880 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2018-01-16 13:58 - 2017-10-09 21:24 - 000285696 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-01-16 13:58 - 2017-10-03 14:42 - 000640512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2018-01-16 13:58 - 2017-10-03 14:42 - 000008704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2018-01-16 12:47 - 2016-01-05 17:50 - 000328920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2018-01-16 12:47 - 2015-12-18 10:06 - 004330200 _____ (TODO: <Company name>) C:\WINDOWS\RtCRU64.exe
2018-01-16 12:47 - 2014-10-20 17:50 - 000083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2018-01-16 12:47 - 2014-01-27 13:39 - 009890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 001804688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01011.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 001392792 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\esif_uf.exe
2018-01-16 12:42 - 2015-10-30 02:32 - 000971944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 000668840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120.dll
2018-01-16 12:42 - 2015-10-30 02:32 - 000260072 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\esif_lf.sys
2018-01-16 12:42 - 2015-10-30 02:31 - 000055784 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_acpi.sys
2018-01-16 12:42 - 2015-10-30 02:31 - 000052200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\dptf_cpu.sys
2017-11-09 01:55 - 2017-11-09 01:55 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000532368 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-11-09 01:55 - 2017-11-09 01:55 - 000166192 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 003410320 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 003121112 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000986992 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-11-09 01:50 - 2017-11-09 01:50 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-11-09 01:45 - 2017-11-09 01:45 - 000866632 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 003562432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 003509192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 001351232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 001016920 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000691672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000526280 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000387304 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000321704 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-11-09 01:40 - 2017-11-09 01:40 - 000088336 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-11-09 01:34 - 2017-11-09 01:34 - 001617728 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-11-09 01:34 - 2017-11-09 01:34 - 001529128 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-11-09 01:33 - 2017-11-09 01:33 - 000609384 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-11-09 01:33 - 2017-11-09 01:33 - 000115120 _____ (Conexant System, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-11-09 01:27 - 2017-11-09 01:27 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-11-09 01:27 - 2017-11-09 01:27 - 003205592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-11-09 01:27 - 2017-11-09 01:27 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-11-09 01:26 - 2017-11-09 01:26 - 072520704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-11-09 01:26 - 2017-11-09 01:26 - 006033832 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-11-09 01:26 - 2017-11-09 01:26 - 002922976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-11-09 01:26 - 2017-11-09 01:26 - 000023680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-11-09 01:25 - 2017-11-09 01:25 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-11-09 01:01 - 2017-11-09 01:01 - 014848602 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-11-09 01:01 - 2017-11-09 01:01 - 000005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-11-09 01:01 - 2017-11-09 01:01 - 000003780 _____ C:\WINDOWS\system32\cxapo.prop

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{4a678cf4-fb02-11e7-95eb-806e6f6e6963}
{4a678cf3-fb02-11e7-95eb-806e6f6e6963}
timeout 20

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {abb9ba91-fed6-11e7-bb9e-ed071e87330a}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0

Firmware Application (101fffff)
-------------------------------
identifier {4a678cf3-fb02-11e7-95eb-806e6f6e6963}
description EFI USB Device

Firmware Application (101fffff)
-------------------------------
identifier {4a678cf4-fb02-11e7-95eb-806e6f6e6963}
description Internal Hard Disk or Solid State Disk

Windows Boot Loader
-------------------
identifier {254aa7c9-f984-11e7-b26a-ce11479db281}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{254aa7ca-f984-11e7-b26a-ce11479db281}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride PushButtonReset
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{254aa7ca-f984-11e7-b26a-ce11479db281}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {254aa7c9-f984-11e7-b26a-ce11479db281}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {abb9ba91-fed6-11e7-bb9e-ed071e87330a}
nx OptIn
bootmenupolicy Standard

Resume from Hibernate
---------------------
identifier {abb9ba91-fed6-11e7-bb9e-ed071e87330a}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {254aa7c9-f984-11e7-b26a-ce11479db281}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {254aa7ca-f984-11e7-b26a-ce11479db281}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi


LastRegBack: 2018-01-21 10:25

==================== End of FRST.txt ============================

#8 SomeTiredPerson

SomeTiredPerson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 22 January 2018 - 05:34 PM

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys 08312DEEF0D3F8647AA53AD90A69094E
C:\WINDOWS\System32\drivers\3ware.sys 645009E711BBF117CCEE917A03FB0CDD
C:\WINDOWS\System32\drivers\ACPI.sys 69481E5474C7E61CDB3FE6A8A0F3B1B4
C:\WINDOWS\System32\drivers\AcpiDev.sys 44EA35A4B397898A83BF1B9B4B8DAE35
C:\WINDOWS\System32\Drivers\acpiex.sys 91D113A1532B8AB1E25B7DE5AB3C2F83
C:\WINDOWS\System32\drivers\acpipagr.sys 620BB2682BA625DF037072D89F44F6EE
C:\WINDOWS\System32\drivers\acpipmi.sys B9805A3C479390CEAEA5AEF5E4A90A2E
C:\WINDOWS\System32\drivers\acpitime.sys ABD4EB55C661143B015BD0B9B47B235C
C:\WINDOWS\System32\drivers\ADP80XX.SYS 8C58BD711FAD5F11E8CFDBC5CED973A5
C:\WINDOWS\system32\drivers\afd.sys 7AE4EBDC221235BF9E1008B515C0B8DB
C:\WINDOWS\System32\DRIVERS\ahcache.sys 56166D110D3ECFFC595E5FA02D9BA491
C:\WINDOWS\System32\drivers\amdk8.sys 62619E31AFF88F906A7E793AC4A9FF51
C:\WINDOWS\System32\drivers\amdppm.sys 735142DD039BEB35632765C41FC6E397
C:\WINDOWS\System32\drivers\amdsata.sys F1C16AABA27E9E153AEC7BD2AB853F30
C:\WINDOWS\System32\drivers\amdsbs.sys C834D0F1ECB8473E9E6D18EE1BCEECB2
C:\WINDOWS\System32\drivers\amdxata.sys 49203D2FFE30CBB36BE66A0E70F3D954
C:\WINDOWS\System32\drivers\appid.sys 3692C75C47285D388C886D162F54C430
C:\WINDOWS\System32\drivers\applockerfltr.sys 1E085E2302D568F0CE041732B3E887B0
C:\WINDOWS\System32\drivers\arcsas.sys B42C83DE28776B80DBA1310C56DD4F74
C:\WINDOWS\System32\drivers\asyncmac.sys C2151380227CD1F7DDA2401C1F151367
C:\WINDOWS\System32\drivers\atapi.sys 6191B9B2EE0E8CB957C683B9B341CC86
C:\WINDOWS\System32\drivers\bxvbda.sys A921805C1ED3253DF48FCA4D724173EB
C:\WINDOWS\System32\drivers\bam.sys 763CF81762483E244BAEB83DEFFC53F3
C:\WINDOWS\System32\drivers\BasicDisplay.sys 2A7267AA15E508F6D05A5B562F1FD1CE
C:\WINDOWS\System32\drivers\BasicRender.sys 2E1EE0F10FAF1250D1AC05BFB0E6BD3D
C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7
C:\Windows\System32\Drivers\Beep.sys EDDAA3A563E7EB71C991FE91249C7D81
C:\WINDOWS\System32\DRIVERS\bowser.sys D030A1203680D66716F4E74053468627
C:\WINDOWS\System32\drivers\BthAvrcpTg.sys A4863B7B1F0DB513D6E34547BACC211A
C:\WINDOWS\System32\drivers\BthEnum.sys 82BD96D56574231AD0E9BBF293EA2E7F
C:\WINDOWS\System32\drivers\bthhfenum.sys 9C9EE272C11252C651C5DE6A1AC1EDAA
C:\WINDOWS\System32\drivers\BthHFHid.sys 69734E386826ED857C889330F35B4D9C
C:\WINDOWS\system32\DRIVERS\bthl2cap.sys 338B8D45C7DFB03DB7957188E16C9661
C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys 47BF82E2A6D11279C8501E08518AB835
C:\WINDOWS\System32\drivers\bthmodem.sys A94AFAEA86F5F792BB4ECA095B231464
C:\WINDOWS\System32\drivers\bthpan.sys 4F58D8C265FFA943878CF7F922432847
C:\WINDOWS\system32\DRIVERS\BTHport.sys D970480A59C314CC344118D7B185D7E6
C:\WINDOWS\system32\DRIVERS\BTHUSB.sys 55C836530A9602255BFB4F5D9DA2B737
C:\WINDOWS\System32\drivers\bttflt.sys 39E7437FC59CDD7A303ABD514E462E8B
C:\WINDOWS\System32\drivers\buttonconverter.sys 522888590B0C19BC8128119060AE7901
C:\WINDOWS\System32\drivers\CAD.sys 2AB01CE5E233A6FBA3E91BD57772AA4B
C:\WINDOWS\System32\drivers\capimg.sys F6F97879F53AD57194C6BC8272FD73EA
C:\WINDOWS\System32\DRIVERS\cdfs.sys 9E82A95D77AC78C84BA75FF896B060BF
C:\WINDOWS\System32\drivers\cdrom.sys 6D83565C1652E80447EDEA6947FA89D7
C:\WINDOWS\System32\drivers\cht4sx64.sys D81954CE5E016FD716EDDB2B2FD9BA58
C:\WINDOWS\System32\drivers\cht4vx64.sys F9A8570805807FFD66488F0A858E1308
C:\WINDOWS\System32\drivers\circlass.sys 9798D58461706930190F1F2F6BF21D80
C:\WINDOWS\System32\drivers\cldflt.sys 3B5973C9D50DE90CEB6D7DC85216AA86
C:\WINDOWS\System32\drivers\CLFS.sys 59D46CE57A49353A733D162DBA65A4FA
C:\WINDOWS\System32\drivers\CmBatt.sys 2BA3BA38B5A6A667B0EAEC477276707B
C:\WINDOWS\System32\Drivers\cng.sys B3CC988A9D8B8EC66ED2B7B7B3413652
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys C65AF00EF12A1755E7CA370B0C71935D
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys A50300498D56B2448F3593D25478D508
C:\WINDOWS\System32\drivers\condrv.sys 65602B0DB49199647FECB2D1212147BE
C:\WINDOWS\System32\drivers\dam.sys 72BE43ABD786E86AAE7EA2193201E100
C:\WINDOWS\System32\Drivers\dfsc.sys 9910E9CFF5ECDCB225F82E72CE9DE459
C:\WINDOWS\System32\drivers\disk.sys 811173C821171BB910219E53C7FD97AD
C:\WINDOWS\System32\drivers\dmvsc.sys 569FE16775E15A49DC904DE20BF8CAA0
C:\WINDOWS\System32\drivers\dptf_acpi.sys 225C4E9280B2AE38DCAA5E2FEFC437C2
C:\WINDOWS\System32\drivers\dptf_cpu.sys 4DD17AA07FA0A75E79B47E5B7F18964D
C:\WINDOWS\System32\drivers\drmkaud.sys F4800922F4ABA619585CE320A72E6389
C:\WINDOWS\System32\drivers\dxgkrnl.sys 0DF6B436F579E1DD23C8EBD61EE749E8
C:\WINDOWS\System32\drivers\evbda.sys C99D40C97841E0A7F0F90B8629593A97
C:\WINDOWS\System32\drivers\EhStorClass.sys 260BBD6B1ED06298E509B452354EDB91
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys F3BEBDC1B9DBA32F183079EAE6244837
C:\WINDOWS\System32\drivers\errdev.sys 1B63CA857FD03FD0A5A1379F2996784F
C:\WINDOWS\system32\DRIVERS\esif_lf.sys A63C10A6A6B09FED00046DDD313C2CC1
C:\Windows\System32\Drivers\exfat.sys F1ACA42D448E3986565EA54275EEEA65
C:\Windows\System32\Drivers\fastfat.sys 0AF4B36754A6EAE794EE4398E219A9E1
C:\WINDOWS\System32\drivers\fdc.sys 7CD8426A33F06EB72BFEC51F7C264AF8
C:\WINDOWS\System32\drivers\filecrypt.sys DE51BBBCF358188F9736F031546F9908
C:\WINDOWS\System32\drivers\fileinfo.sys 822F664952B0F8D11BB6BD2F11779602
C:\WINDOWS\System32\drivers\filetrace.sys 5A4935682A0D47A4EAC4BE3C2ACF74D6
C:\WINDOWS\System32\drivers\flpydisk.sys 60641F22D1D38EAD197C25F0339C9712
C:\WINDOWS\System32\drivers\fltmgr.sys 56F9EAA7099159759B2F6C523007A13F
C:\WINDOWS\System32\drivers\FsDepends.sys 5D8A0E58E3F82583697E3F07052435AA
C:\Windows\System32\Drivers\Fs_Rec.sys BB82CC2F51F7C3D5DCD13FA3B040D8F8
C:\WINDOWS\System32\DRIVERS\fvevol.sys 69C669540A850553AF9589DB05A2A7D0
C:\WINDOWS\System32\drivers\vmgencounter.sys 3B5DDF1061930A0A891FA63DB0CB878B
C:\WINDOWS\System32\drivers\genericusbfn.sys 8B34E3F794F652082D7E8AF112F71681
C:\WINDOWS\System32\Drivers\msgpioclx.sys 127C23F4720C8902A3AB0FEE12205317
C:\WINDOWS\System32\drivers\gpuenergydrv.sys C7DEA3458E50B691E69EFF0B47CBCCDB
C:\WINDOWS\System32\drivers\HDAudBus.sys 99A34FD1F6431A10D8C3BB50E170D0F2
C:\WINDOWS\System32\drivers\HidBatt.sys 2443FC6EEB9CF092B62127D867901B02
C:\WINDOWS\System32\drivers\hidbth.sys 205043CDC16ADE85E252DD54AE925161
C:\WINDOWS\System32\drivers\hidi2c.sys B521DDDC9038C066B1B957BF063A531A
C:\WINDOWS\System32\drivers\hidinterrupt.sys 5AC0EBFA76E93273A806176D3178E986
C:\WINDOWS\System32\drivers\hidir.sys 366AC0E05EBF5D5C375F65CD8BC7F0DF
C:\WINDOWS\System32\drivers\hidusb.sys 7CB54D02746024648FCE184FC3F941FF
C:\WINDOWS\System32\drivers\HpSAMD.sys 835FB95D85D362057A72D21A48C2C7F8
C:\WINDOWS\System32\drivers\HTTP.sys 717D6E92D0143BCC4C36976BFFD94753
C:\WINDOWS\System32\drivers\hvservice.sys 9F2CFC90306532866C62BDCDFD2532AA
C:\WINDOWS\System32\Drivers\mshwnclx.sys 3737FE486929AFC48F1D10677B698E52
C:\WINDOWS\System32\drivers\hwpolicy.sys 3C65EBF7F1BFD98426C355D66876ECEE
C:\WINDOWS\System32\drivers\hyperkbd.sys 7E00234C67A322988AFEA717D5609C9E
C:\WINDOWS\System32\drivers\HyperVideo.sys FBF5BB641DE99AE1DF4835E88D4F8993
C:\WINDOWS\System32\drivers\i8042prt.sys 56FF074E50F9042FD2856AB3418F4B18
C:\WINDOWS\System32\drivers\iagpio.sys B5EC43755E62591197DE5CBBDAA9FEB7
C:\WINDOWS\System32\drivers\iai2c.sys D8CA23F9C5FEF44296FDE1E005C06EC0
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 7B769C9D19C013F94874C4B15D59A005
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys E0F1B3A2A70FABE3BE1C9140BB55E607
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 89A869BCC0588A3009ECB875B09ECD39
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 2E693DF3C02A0859DB8DE25772751100
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys 435883A27A376B125BD4DF888417C85F
C:\WINDOWS\System32\drivers\iaStorV.sys 7118E4390C4ACDE61E280CE52BCAF44E
C:\WINDOWS\System32\drivers\ibbus.sys 9DBE8C359ABACE1BE1BBAB687D114506
C:\WINDOWS\system32\DRIVERS\ibtusb.sys 18F7B1E3C5DE1CC8B3D2BBF90F7350EF
C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys 254233E3FC59503A4B616A7ED47EAB3F
C:\WINDOWS\System32\drivers\IndirectKmd.sys 42CAF6216A6E516DC56BA319ACC7EEC5
C:\WINDOWS\system32\drivers\RTKVHD64.sys F36520B0C0832D8A9E04C3443468BD2B
C:\WINDOWS\system32\DRIVERS\IntcDAud.sys E300D1E37B737ED14F7A08CD5604E5D9
C:\WINDOWS\System32\drivers\intelide.sys 40943C1CD031ACE06A8374AD56B9E5EA
C:\WINDOWS\System32\drivers\intelpep.sys 327D9CCF5492543AEF3979F9EEAD02BE
C:\WINDOWS\System32\drivers\intelppm.sys 10F2757836F41BFAEA2AE19F6FE869B2
C:\WINDOWS\System32\drivers\invdimm.sys 8387E90B551B9B7F32EDC69909591E9E
C:\WINDOWS\System32\drivers\iorate.sys E207078E0E1BB3524277DB9077E4148E
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys FD8F64B7B345E539F2EA7F72846F83B4
C:\WINDOWS\System32\drivers\IPMIDrv.sys 8AAB863E72A4F9C578FED2EE3541545B
C:\WINDOWS\System32\drivers\ipnat.sys 7BEC2AF23F586EFF0DB4DBF4331B0C70
C:\WINDOWS\System32\drivers\ipt.sys 35A54F19E703D4FE5919F812F6CC5D0A
C:\WINDOWS\system32\drivers\irda.sys 359CDDBC825959DA28FA886B3C271B53
C:\WINDOWS\System32\drivers\irenum.sys F88664A2A82DDA456180FFF95A771765
C:\WINDOWS\System32\drivers\isapnp.sys 2296B158C43C306B0AC5B4D57EA9F0E1
C:\WINDOWS\System32\drivers\msiscsi.sys 2DC0765992CFECE3B13F3BFD20E69DCC
C:\WINDOWS\System32\drivers\kbdclass.sys E320F986BBE0CD9324EA0A193EBF29B1
C:\WINDOWS\System32\drivers\kbdhid.sys AFF5DDCC1A79217C9526FF5E01A69E89
C:\WINDOWS\System32\drivers\kdnic.sys 916E62AF3386F7A74603E5C545F6FF2D
C:\WINDOWS\System32\Drivers\ksecdd.sys 69FA8BEBADF807089FEFCD3F59CFAC1E
C:\WINDOWS\System32\Drivers\ksecpkg.sys C1081E2B36F77781167FD9401119B98E
C:\WINDOWS\system32\drivers\ksthunk.sys DD8C4726127CFE313233372D70787C37
C:\WINDOWS\System32\drivers\lltdio.sys CB5A6E117502156794F0DA9E61506006
C:\WINDOWS\System32\drivers\lsi_sas.sys 20048BEE892138A745B1C23EBB0E069F
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 9EAB16572B576979D585DDEDB12417CD
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 3B7B359C0870317106DF3438D4FF491D
C:\WINDOWS\System32\drivers\lsi_sss.sys 2DE03BA338A4B0ACDB416A30F1C7D56F
C:\WINDOWS\system32\drivers\luafv.sys 9A497169E145FCE2D8AA7DBC67377F64
C:\WINDOWS\System32\drivers\mausbhost.sys BF56CB9D02DEE8CA9CBA50220BE16F15
C:\WINDOWS\System32\drivers\mausbip.sys 01BDEE1FFF6D2216797DFEE4ABD937D9
C:\WINDOWS\System32\Drivers\mbamswissarmy.sys B047B9CE5A0D800E6D713B43D0405221
C:\WINDOWS\System32\drivers\megasas.sys C7B8B5053D646CBD30BE1BA6B487D396
C:\WINDOWS\System32\drivers\MegaSas2i.sys EB8ED3204499DDB2D3BA094A4563EE3E
C:\WINDOWS\System32\drivers\megasr.sys F1C1D4E752DE1D58295040E5BE8813AF
C:\WINDOWS\System32\drivers\mlx4_bus.sys 16B078D1089FEA98710C9D07C152DCEE
C:\WINDOWS\system32\drivers\mmcss.sys 20C57CE47B1A877C48A4B68E9A4E21FA
C:\WINDOWS\System32\drivers\modem.sys A4467A5C080318F0CCCF5ED463821F8B
C:\WINDOWS\System32\drivers\monitor.sys 78BE85C1F1C7F3AF6C87BCE127007D5A
C:\WINDOWS\System32\drivers\mouclass.sys 8E262B34A8BD184B4B3025AA8C396B00
C:\WINDOWS\System32\drivers\mouhid.sys C094A555F148495EA130D3BBC5232D5E
C:\WINDOWS\System32\drivers\mountmgr.sys 6434BC884502E95EEA2379C92DD22B60
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl1878536b.sys AA12FAF01013F63348B722D3588550FF
C:\WINDOWS\System32\drivers\mpsdrv.sys F36E4074C66DD31855A8D79EF0AE8066
C:\WINDOWS\system32\drivers\mrxdav.sys 215D672CB71987CD98EB2298EFB84DDC
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 34898F29BF0E9A84E183046318D17814
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys 6537678DEEA2A5B079052D75E21E46DA
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 87FF93E7420C9068C0D5B2F3109809F4
C:\WINDOWS\System32\drivers\bridge.sys 167408B38458ECAE545C57527BC99024
C:\Windows\System32\Drivers\Msfs.sys AE111778CA6AC08862B3C713F0413333
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6DDDFCAB646BBBCFC583135C4430E10F
C:\WINDOWS\System32\drivers\mshidkmdf.sys 01C6A86BEA8279E557A5056148F068BF
C:\WINDOWS\System32\drivers\mshidumdf.sys F65ABC7DE945047147F17330F79732CB
C:\WINDOWS\System32\drivers\msisadrv.sys 05B23012427801E710BDD12720B9020B
C:\WINDOWS\System32\drivers\MSKSSRV.sys B25B2CD3E052D68075A3814AAA0C6421
C:\WINDOWS\System32\drivers\mslldp.sys C3F5EA6B9041A30B4F11BE2E7863E487
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 601D666820F0408B896791D19BE6D258
C:\WINDOWS\System32\drivers\MSPQM.sys 46E61FBA0097E48E5628C74A3F72233A
C:\Windows\System32\Drivers\MsRPC.sys 4EB9B77179BDEE89C496E60D4BF85CC1
C:\WINDOWS\System32\drivers\mssmbios.sys CBD56E0B55FB3672BA80382EC2F8835C
C:\WINDOWS\System32\drivers\MSTEE.sys 5734B2A36D3BB13A638E5305EEEC582D
C:\WINDOWS\System32\drivers\MTConfig.sys 85270E0DC6907C6B99F72A36F17AED34
C:\WINDOWS\System32\Drivers\mup.sys DB5B1539F5EBB3DD3A7ED25ADBC4D6D9
C:\WINDOWS\System32\drivers\mvumis.sys 3C57FF3BCF496D24C39C2198158864BB
C:\WINDOWS\System32\DRIVERS\nwifi.sys 8A9CD53B0FBE679116638120CCBB201E
C:\WINDOWS\System32\drivers\ndfltr.sys 77B047B109CE758A017F58FAE5038D0D
C:\WINDOWS\System32\drivers\ndis.sys 7FF306C78B0DC31192657B47539D5688
C:\WINDOWS\System32\drivers\ndiscap.sys 067AE5BA349CC35AF8975D22DC483DDF
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 6FC4D7EB5D38CFB7966405036116F065
C:\WINDOWS\System32\DRIVERS\ndistapi.sys ED7CC4E16B76B2603C9F827188EA63B4
C:\WINDOWS\System32\drivers\ndisuio.sys 8D977AFC195A3F4B15B05D02B2BD0292
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys DC1D26D62F40B7552BCF49D92774F0C5
C:\WINDOWS\System32\drivers\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\NDProxy.sys 8ABF5B8D5839F8DAE2E0D3165AE732F6
C:\WINDOWS\System32\drivers\Ndu.sys A791792DC412CCD83DA0AF6871682552
C:\WINDOWS\System32\drivers\NetAdapterCx.sys BE79982A50AC88BC0765F3AFECFCB596
C:\WINDOWS\System32\drivers\netbios.sys E899D26A0C2555AC30ACDD526056E51F
C:\WINDOWS\System32\DRIVERS\netbt.sys 7FC54F2AF5EC52C7AC05AD90FFC757E6
C:\WINDOWS\System32\drivers\netvsc.sys 680EB4AEA08EAC80C384E90E430DF16D
C:\WINDOWS\system32\DRIVERS\Netwtw04.sys 117446A20C33D5AF536D9F08907FBBB3
C:\Windows\System32\Drivers\Npfs.sys 84EB8F01B140618518AFF30B9951F132
C:\WINDOWS\System32\drivers\npsvctrig.sys 5CB8082E51DE7D19042F0FF8C517CB0D
C:\WINDOWS\System32\drivers\nsiproxy.sys 958921BB7AE2671983743FDA0DD587C4
C:\Windows\System32\Drivers\NTFS.sys E20EC8E25969ABD9F5FED6EDEA57EC0C
C:\Windows\System32\Drivers\Null.sys 0D1E03A5F87F4DE04D97622C686910A2
C:\WINDOWS\System32\drivers\nvdimmn.sys 532F27A2B62D70C327E763F035AED6C1
C:\WINDOWS\System32\drivers\nvraid.sys 7E04652EB1A476BC0A72ECDC613AF0C5
C:\WINDOWS\System32\drivers\nvstor.sys 880B3E874914DAEF97119876543AE117
C:\WINDOWS\System32\drivers\parport.sys 2E07EC2C1622F5E7B535D62DCD61F3AB
C:\WINDOWS\System32\drivers\partmgr.sys 023DDF9DE429B2E6F0BADA72AA98EF8B
C:\WINDOWS\System32\drivers\pci.sys 9BF965EE361849567DB1664BEDFA9569
C:\WINDOWS\System32\drivers\pciide.sys E5AF806815ED797086629741F29E4156
C:\WINDOWS\System32\drivers\pcmcia.sys 2A631D447B988AFBE847CBAA8E5CC298
C:\WINDOWS\System32\drivers\pcw.sys ACD510CF2B631A2D36B2CFB7D31E22FD
C:\WINDOWS\System32\drivers\pdc.sys 1796112EB89559910BC18865A29C8894
C:\WINDOWS\System32\drivers\peauth.sys F21127EDE5D72090A1B029AFF4AFFD17
C:\WINDOWS\System32\drivers\percsas2i.sys 35FD028E4323018202C0B7D115FD3AEF
C:\WINDOWS\System32\drivers\percsas3i.sys F9F3D8BE9BC9241CC726197261362AC4
C:\WINDOWS\System32\drivers\pmem.sys 36D43EA5517F3F4AAAC8EE061C957EF1
C:\WINDOWS\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86
C:\WINDOWS\System32\drivers\raspptp.sys AACA74DEF7BE3DED322411787494878B
C:\WINDOWS\System32\drivers\processr.sys B1111C47F128C946BDC87A18E44007EB
C:\WINDOWS\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F
C:\WINDOWS\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A
C:\WINDOWS\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A
C:\WINDOWS\System32\DRIVERS\rasacd.sys F57D1DE0C9522BCD590A69D044641B5A
C:\WINDOWS\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F
C:\WINDOWS\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5
C:\WINDOWS\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8
C:\WINDOWS\System32\DRIVERS\rdbss.sys 4525664EFB5EB71D4B155405F78D93DB
C:\WINDOWS\System32\drivers\rdpbus.sys 8A5285B38A203D15110E142DE68406DD
C:\WINDOWS\System32\drivers\rdpdr.sys DF83769C92527DB50653F8FB57D001FF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE
C:\WINDOWS\System32\drivers\rdyboost.sys 12AF835862F2B6B2FB9DEA8BA2288587
C:\Windows\System32\Drivers\ReFS.sys FB0577F6BC9E07549CEACF5224327499
C:\Windows\System32\Drivers\ReFSv1.sys 4136BCA61BCDCC79DCE145F9CB639CD6
C:\WINDOWS\System32\drivers\rfcomm.sys 5BF7698021DB13B55753FD921BEBE318
C:\WINDOWS\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB
C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys CA864D504A5E56AF84A491B4AA1F8A98
C:\WINDOWS\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A
C:\WINDOWS\System32\drivers\vms3cap.sys F0FA6B67B16EEFDEF8E8AFAD47A4F9B8
C:\WINDOWS\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D
C:\WINDOWS\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE
C:\WINDOWS\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7
C:\WINDOWS\System32\drivers\sdbus.sys 0FB6CCFA52FE5AD0B8D86E8AB370EF34
C:\WINDOWS\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0
C:\WINDOWS\System32\drivers\sdstor.sys C289832A3174DC9D393C7603C511DF79
C:\WINDOWS\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5
C:\WINDOWS\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412
C:\WINDOWS\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC
C:\WINDOWS\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD
C:\WINDOWS\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F
C:\WINDOWS\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1
C:\WINDOWS\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF
C:\WINDOWS\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5
C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys 0AB5FBC526DC0CBE9033CE78284C7201
C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys ADFE78C4F1A328EC5BEC6EB4BC41EF06
C:\WINDOWS\System32\drivers\spaceport.sys B2ABF0F8A49752B5CD9DEE2EADF7416A
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys CCECE7E96B4F7B0E9F0FC82F6DADA917
C:\WINDOWS\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A
C:\WINDOWS\System32\DRIVERS\srv2.sys 41181D890542EB0E8D9822F73F9FD5D7
C:\WINDOWS\System32\DRIVERS\srvnet.sys 43480B3EE4D23F5AA8EE7C6D83B09487
C:\WINDOWS\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156
C:\WINDOWS\System32\drivers\storahci.sys DD1F00B80DDD12252B7B228ABCE181A9
C:\WINDOWS\System32\drivers\vmstorfl.sys A12CFAAA0F113A25D8CEFE58B1CBB207
C:\WINDOWS\System32\drivers\stornvme.sys B6F8D1FA73F6E102AEA60D2BBD1DDF78
C:\WINDOWS\System32\drivers\storqosflt.sys 57377953F5688158054BC8CB5A243115
C:\WINDOWS\System32\drivers\storufs.sys B59D29E535AF7E82717C2AD2C57EEC67
C:\WINDOWS\System32\drivers\storvsc.sys 9B431079624306B5659B3B7208A71C75
C:\WINDOWS\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\WINDOWS\System32\drivers\Synth3dVsc.sys AB15F9FDCD11D5283891BC956E8C5C95
C:\WINDOWS\System32\drivers\SynTP.sys 347F4B8DC1CAA234474AE79BF5207E2B
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\WINDOWS\system32\DRIVERS\tdx.sys 571D82ABAC428D902ACA0CF60373C039
C:\WINDOWS\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\WINDOWS\System32\drivers\tpm.sys 1658D060057C85DEC82BFCB018C4C22F
C:\WINDOWS\System32\drivers\tsusbflt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\WINDOWS\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\WINDOWS\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\WINDOWS\System32\drivers\TXEIx64.sys 2CC59847A4E1B1829114C2607BA38794
C:\WINDOWS\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\WINDOWS\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\WINDOWS\System32\drivers\UcmUcsi.sys 149CBBB74DFC3E52F242029A27B0F8EB
C:\WINDOWS\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\WINDOWS\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\WINDOWS\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\WINDOWS\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC
C:\WINDOWS\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\WINDOWS\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\WINDOWS\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\WINDOWS\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\WINDOWS\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\WINDOWS\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\WINDOWS\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\WINDOWS\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\WINDOWS\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\WINDOWS\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\WINDOWS\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\WINDOWS\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\WINDOWS\System32\drivers\UsbHub3.sys 4FA9C956E569D0D380C2859542361780
C:\WINDOWS\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\WINDOWS\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\WINDOWS\System32\drivers\usbser.sys 913CFF365DB1803525DBD2AA8B8188B4
C:\WINDOWS\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\WINDOWS\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\WINDOWS\System32\Drivers\usbvideo.sys 68788AE61B2E6A7D97CAD73B632F5BF5
C:\WINDOWS\System32\drivers\USBXHCI.SYS 41E5A6188180DC72BCECA999ED2532D4
C:\WINDOWS\System32\drivers\vdrvroot.sys C77C537077822D8EA529AD4EBFD971D6
C:\WINDOWS\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\WINDOWS\System32\drivers\vhdmp.sys 9240C24121E3A581F8BC198413AEA06E
C:\WINDOWS\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\WINDOWS\System32\drivers\vmbus.sys 079B4378614A40A308F9C721A50C7B87
C:\WINDOWS\System32\drivers\VMBusHID.sys DC9E0600B356258E31403789119C78A9
C:\WINDOWS\System32\drivers\vmgid.sys B24F74B2710B66F647419697BDB9E163
C:\WINDOWS\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\WINDOWS\System32\drivers\volmgr.sys C9052650BBF2124CD525A26D5C2A6671
C:\WINDOWS\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\WINDOWS\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\WINDOWS\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\WINDOWS\System32\drivers\vpci.sys 702273C7C1BE9D366BAF1305D382F03C
C:\WINDOWS\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\WINDOWS\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\WINDOWS\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\WINDOWS\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\WINDOWS\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03
C:\WINDOWS\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\system32\drivers\wcifs.sys 520E4FD6B5BF5349DD1499F2AEFB7C50
C:\WINDOWS\system32\drivers\wcnfs.sys 9DE3FDFF295F2534DF0A8B6FC4F06355
C:\WINDOWS\System32\drivers\WdBoot.sys 6FD8F1FBED780A7F3DF329C834E52AC5
C:\WINDOWS\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\WINDOWS\System32\drivers\WdFilter.sys 7D182F0F227FC141C5D2085175BE05F6
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 2D50C46EFE924BC24F63A45D2DB1AA3A
C:\WINDOWS\System32\Drivers\WdNisDrv.sys 0D38C257A7B34A818726BA2F323B196E
C:\WINDOWS\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\WINDOWS\System32\drivers\wfplwfs.sys 8E101DF42D36E04EC610581BA478B38F
C:\WINDOWS\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 0484B0D01EA6F7017519EBDDBADE759D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\WINDOWS\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\WINDOWS\System32\drivers\winnat.sys EABEF39BBEEDB3845C36893931DADCD1
C:\WINDOWS\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6
C:\WINDOWS\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys 569FB3D619213F226CBB60F9CB8FE1BD
C:\WINDOWS\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935
C:\WINDOWS\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\WINDOWS\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\WINDOWS\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A

#9 SomeTiredPerson

SomeTiredPerson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 22 January 2018 - 05:38 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by pp (22-01-2018 13:43:40)
Running from C:\Users\pp\Desktop
Windows 10 Home Version 1709 16299.192 (X64) (2018-01-21 18:31:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3542715463-485064358-3187586401-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3542715463-485064358-3187586401-503 - Limited - Disabled)
Guest (S-1-5-21-3542715463-485064358-3187586401-501 - Limited - Enabled)
pp (S-1-5-21-3542715463-485064358-3187586401-1001 - Administrator - Enabled) => C:\Users\pp
WDAGUtilityAccount (S-1-5-21-3542715463-485064358-3187586401-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.29092 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3542715463-485064358-3187586401-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\pp\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3542715463-485064358-3187586401-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\pp\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3542715463-485064358-3187586401-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\pp\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {718189C6-6925-4756-AE67-80D2D73C739E} - System32\Tasks\S-1-5-21-3542715463-485064358-3187586401-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {7D527D1A-0942-47C0-BB18-D11004D5AD35} - System32\Tasks\RtHDVBg_Session => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-11-09] (Realtek Semiconductor)
Task: {BD7F36FA-EBD4-4ED7-94EF-31AC5F4DA65D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2017-11-09] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-16 13:59 - 2017-11-26 04:23 - 011044864 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-01-16 13:59 - 2017-11-26 04:01 - 001804288 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-22 05:25 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 010628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-09-29 06:43 - 2017-09-29 06:43 - 000766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-01-21 09:58 - 2018-01-21 09:55 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3542715463-485064358-3187586401-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3542715463-485064358-3187586401-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{68F56392-D39D-4E95-A6D6-6026BF6608BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{01C4FF4A-B125-4EEF-AA7B-2EAC9BD1A39E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

22-01-2018 08:46:26 ok?

==================== Faulty Device Manager Devices =============

Name: Intel® Wireless Bluetooth®
Description: Intel® Wireless Bluetooth®
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2018 09:06:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 620

Start Time: 01d393a106a60380

Termination Time: 4294967295

Application Path: C:\Windows\System32\mmc.exe

Report Id: 026ec656-7012-4654-8d7c-e5b21e8a6b3e

Faulting package full name:

Faulting package-relative application ID:

Error: (01/22/2018 04:18:22 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8db63db6-4f8f-46d6-a448-66444faaaa72;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/21/2018 11:50:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8db63db6-4f8f-46d6-a448-66444faaaa72;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/21/2018 11:47:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 10.0.16299.15, time stamp: 0x5098c662
Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x6dead514
Exception code: 0xc0000409
Fault offset: 0x0000000000090d8f
Faulting process id: 0x1fd8
Faulting application start time: 0x01d392e92e26e55a
Faulting application path: C:\WINDOWS\system32\mmc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: cc4c2bac-4e46-4373-b8c2-4e488837294e
Faulting package full name:
Faulting package-relative application ID:

Error: (01/21/2018 10:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.16299.15, time stamp: 0x7640753d
Faulting module name: CoreUIComponents.dll, version: 10.0.16299.15, time stamp: 0x35d247d6
Exception code: 0xc0000005
Fault offset: 0x000000000008e1f4
Faulting process id: 0x994
Faulting application start time: 0x01d392e6e971df05
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
Report Id: 0a6e3cfd-2fc6-4a1e-8211-43a05d3c2f37
Faulting package full name: windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (01/21/2018 10:36:13 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (592,P,0) TILEREPOSITORYS-1-5-21-3542715463-485064358-3187586401-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (01/22/2018 04:21:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/22/2018 04:18:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/22/2018 04:18:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 11:49:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 11:49:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/21/2018 10:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N3060 @ 1.60GHz
Percentage of memory in use: 49%
Total physical RAM: 4001.58 MB
Available physical RAM: 2024.33 MB
Total Virtual: 5409.58 MB
Available Virtual: 2821.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:28.52 GB) (Free:12.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 29.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Users shortcut scan result (x64) Version: 21.01.2018
Ran by pp (22-01-2018 13:43:57)
Running from C:\Users\pp\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\pp\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\pp\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\pp\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\pp\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\pp\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\pp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\Links\Desktop.lnk -> C:\Users\pp\Desktop ()
Shortcut: C:\Users\pp\Links\Downloads.lnk -> C:\Users\pp\Downloads ()
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) -> /LAUNCH_BY_STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () -> /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\pp\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\pp\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\Users\pp\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== End of Shortcut.txt =============================

#10 SomeTiredPerson

SomeTiredPerson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 22 January 2018 - 05:52 PM

Sorry about the formatting. I am trying to do all of this from a phone and I didn't like the whitelist before. To note, I should not be on any actively controlled domain. I also have never used ANY cloud storage or any remote to local programs. Whatever is doing this eventually shoves me into a group policy hell hole. Most if not all the crt are imported via a safe search DNS in Boulder CO. Yes I do have their information.

I have never used any virtualized hardware. How is it that these system accounts are signing in locally and calling for RPC?

I never used any encryption or moved any files to locations on any network.

I can't think of anything else as of right this minute, so if you have any questions please let me know. I am all ears.

Thank you all so much for your time and have a great day.

#11 SomeTiredPerson

SomeTiredPerson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 22 January 2018 - 09:05 PM

Group Policy User Restrictions.. This laptop is Home Edition. What now? I dare fire up main rig? Am I doing something wrong? Is that why nobody helping?

#12 SomeTiredPerson

SomeTiredPerson
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 24 January 2018 - 09:57 AM

Since you are probably following this, I wasn't amused guys. Two weeks! Well I am going to walk away and take further steps to plug up this network. I will not explain how you did it, because I am sure that you would just love that. You had your laugh. I am still not laughing. Close this topic whenever you want mods. Money isn't issue. Its the time. Wasn't a learning experience.

 

Here is one for you. Crime and Punishment - Dostoevsky have a read.



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:55 PM

Posted 24 January 2018 - 10:24 AM

Greetings.

If you want the topic closed I will be happy to do that. If you still want assistance please run a fresh FRST scan, leave the default settings, agree to withhold the type of commenting toward the volunteers here at BleepingComputer as you posted this morning, and I would be happy to try to assist. Do not run or post anything except that which is requested.

Let me know what you decide.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:55 PM

Posted 26 January 2018 - 10:03 AM

Since you have viewed this topic after I posted and have not responded I will assume you would rather not continue with this topic.

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Edited by Oh My!, 26 January 2018 - 10:04 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users