Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

resource is in use-. svcmax-


  • This topic is locked This topic is locked
21 replies to this topic

#1 iverson3ai1

iverson3ai1

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 11 April 2018 - 02:17 PM

I get resource in use when using malware, adware cleaner, rkill and etc and even the recommend programs to clean malware. I cant even do a clean install of windows tells me resource is in use.  when I had these issues I was able to run those programs but for some reason now I cant. i ran roguekiller not sure how much it helped. 

 

 I also was able to do a rkill scan at one point and I have attached the log. also attached is the addition log for farbar. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by samira (administrator) on LAPTOP-PNLQ6NVK (11-04-2018 12:53:32)
Running from C:\Users\samira\Desktop
Loaded Profiles: samira (Available Profiles: samira)
Platform: Windows 10 Home Version 1607 14393.2125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Users\samira\AppData\Local\ntuserlitelist\dataup\dataup.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Windows\System32\tprdpw64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Postimage\postimage.exe
(Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
() C:\Program Files (x86)\DFX\DFX.exe
() C:\Users\samira\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Syncios\androidnotifier.exe
() C:\Program Files (x86)\Syncios\adb.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Users\samira\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\samira\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\UpdateAssistant\UpdateAssistant.exe
() C:\Users\samira\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\samira\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.9126.2116\OfficeClickToRun.exe
() C:\Users\samira\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1328632 2015-12-04] ()
HKLM-x32\...\Run: [cpx] => "C:\Users\samira\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\samira\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914432 2017-09-18] () <==== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [1910424 2017-10-29] ()
HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\samira\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115144 2016-08-19] (Yahoo!, Inc.)
HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\...\Run: [Postimage] => C:\Program Files (x86)\Postimage\postimage.exe [16306936 2013-07-21] ()
HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14439584 2014-10-15] (Gadwin Systems)
HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\...\MountPoints2: {d9d40ce4-db14-11e5-9be2-b88687af4808} - "E:\FIBPGuard.exe" 
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-05-10]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-05-10]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-05-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{26816337-827f-4445-b41a-5b79589618c3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68ad80f6-0380-49cf-b82c-33fbada1d378}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{db68e767-767a-438d-a5be-f8c5b4f56eb5}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131400497315962051&GUID=7B8EBBD7-0BFE-4708-8B4A-2F04673F2CCA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131400497316073129&GUID=7B8EBBD7-0BFE-4708-8B4A-2F04673F2CCA
HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131411840087606516&GUID=7B8EBBD7-0BFE-4708-8B4A-2F04673F2CCA
SearchScopes: HKLM -> DefaultScope {B1D146DE-F381-4FF4-89CC-1F759B7B6C26} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {B1D146DE-F381-4FF4-89CC-1F759B7B6C26} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-05] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-05] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-11-13] (Belarc, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: ajyr5t44.default
FF ProfilePath: C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\ajyr5t44.default [2018-04-11]
FF Extension: (rarchive) - C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\ajyr5t44.default\Extensions\jid1-AusxzKACE9lLYQ@jetpack.xpi [2018-04-03] [Legacy]
FF Extension: (Photobucket Uploader) - C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\ajyr5t44.default\Extensions\pbupload@photobucket.com.xpi [2016-03-10] [Legacy]
FF Extension: (Bulk Image Downloader) - C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\ajyr5t44.default\Extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi [2016-03-18] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 49023552\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker => not found
FF HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-05] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-13] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/","hxxps://search.yahoo.com/?type=953296&fr=yo-yhp-ch","hxxps://search.yahoo.com/?type=502468&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> clock
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default [2018-04-11]
CHR Extension: (Slides) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-11]
CHR Extension: (Unofficial SmugMug extension for Chrome) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\acobflahofemoblocddilbgnokclnphd [2017-08-16]
CHR Extension: (I'm a Gentleman) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjaicccalbbickikgdegaihmajaidpd [2018-03-13]
CHR Extension: (Hotel Finder Extension - Best Hotel Deals) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\akldfbopmnooeckddkpknelejebkkdmn [2017-08-24]
CHR Extension: (Pokémon Quick Search) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\alddianiohkkfeccehnfhhjkecgnklnk [2016-12-15]
CHR Extension: (Video Downloader For Facebook) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeeghhhohhefmlmbpmkcdndgebpfkf [2018-02-03]
CHR Extension: (Docs) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-11]
CHR Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2018-04-11]
CHR Extension: (Google Drive) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-10]
CHR Extension: (Stop Gif) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhafmmkaabjpkioljjlefoafmgaefdhh [2017-09-08]
CHR Extension: (YouTube) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-11]
CHR Extension: (Honey) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-04-11]
CHR Extension: (Expedia Member Only Deals) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfbpcgmafclgfmpoelldpmiolgblgbel [2017-08-08]
CHR Extension: (Friends Tracker) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnghoedoaldbfgcfjhmflaihgjnpoing [2018-01-27]
CHR Extension: (Adobe Acrobat) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (CopyFlickr) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpjbhchaakkfmhkmclejpeeigahhhlj [2017-08-06]
CHR Extension: (Picture Downloader Professional) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\eodejnpnekkneapkicljnillpeodnlak [2017-08-04]
CHR Extension: (Sheets) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-11]
CHR Extension: (Imgur Enhancement Suite) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommlafmebfpgefpkddhdfnlcdelacnm [2017-12-21]
CHR Extension: (Imgur Viewer) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fonhhggcblkogdhakpmdihmmhgigdbdn [2018-03-08]
CHR Extension: (Flickr Downloadr) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmonoglnknhfnfgeopdjmhpilpejedj [2017-08-06]
CHR Extension: (Download Imgur Image or Video) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagbkbelhjabcheeplkkffnnghgpjkaf [2017-09-01]
CHR Extension: (Pricescout - Price Comparison & Coupons) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkjddnnlgmahpnjjkiolhoophlpibfn [2018-04-10]
CHR Extension: (Google Docs Offline) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Bookmark Manager) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-01-30]
CHR Extension: (Upload to Imgur - Right-click Imgur Uploader) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmpmjpekinnebjgnakcahjikbomnmlb [2017-08-30]
CHR Extension: (GPSWOX) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhgacgegdeciiindmnafdgpcppkoinpc [2017-10-14]
CHR Extension: (Imgur Gallery Downloader) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcjdhcncfdmmbfgpcbiggpgdplcofe [2017-08-30]
CHR Extension: (Cool Clock) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce [2018-03-08]
CHR Extension: (GPSLive GPS Tracking) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhlfpchfnmopddhgleijohcnjofobcg [2017-10-14]
CHR Extension: (Patr - Pats Flickr App) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplbmjolljikncjboeofgmjoaacheemi [2017-09-07]
CHR Extension: (VK gif autoplay) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlimlkjiamjlioaahgfjpgfnpfojfeid [2017-09-08]
CHR Extension: (Photobucket Album Downloader (Unlimit)) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmpbbfglflhdhbmimlcacoojpkeopelc [2017-11-07]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2018-03-24]
CHR Extension: (Imgur Album Horizontal Layout) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\kciiodahdkibgaahfdembjcegfmjoajn [2017-12-21]
CHR Extension: (Photobucket Hotlink Fix) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegnjbncdcliihbemealioapbifiaedg [2018-03-13]
CHR Extension: (Cently (Coupons at Checkout)) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2018-04-11]
CHR Extension: (One-Handed Image Downloader) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\keomfdkndnlioinbbbpeebongahgdgid [2016-01-10]
CHR Extension: (Popup Blocker Pro) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-04-08]
CHR Extension: (Googulator) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchmgljjkaeadokijkhefbhpfbihhhda [2016-05-04]
CHR Extension: (Youtube Video Downloader) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldejniigjdlcbgakmhpebfffiapojdlp [2016-10-27]
CHR Extension: (Album & Photo Manager For Facebook) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2018-01-26]
CHR Extension: (Bookmark Checker) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnboppjpcdnckcklbmjmdahfkpmgglec [2017-06-25]
CHR Extension: (Flickr Photos Download) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lololjlfmciepidndppdjdkfgamdgfnj [2017-09-07]
CHR Extension: (Download Master) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2016-04-21]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcdpnidfhfjfbafmpppcplcejgepadbo [2018-02-03]
CHR Extension: (Play the GIF) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchecalpedamcfhiadokofgomojakmki [2017-09-08]
CHR Extension: (photobucket embed fix) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\naolkcpnnlofnnghnmfegnfnflicjjgj [2017-08-02]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-08-01]
CHR Extension: (Simple Image Viewer) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nigbplciepfdgfkgcglbkfieeopfjdil [2017-09-01]
CHR Extension: (SmugMugBrowser) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\njogfnamclfbaahhgpnamofgdjohbika [2017-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (imgur-folders) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\obegpbiegfmmdngbdclddnimilobhhop [2017-09-01]
CHR Extension: (Adblock Pro) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-11-13]
CHR Extension: (ManyContacts) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogdomlklpjpgjbognhdikbjnneaebdne [2017-05-14]
CHR Extension: (Recent Bookmarks) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\olndffocioplakeilhkgenfgdincjlpn [2017-07-02]
CHR Extension: (Flickr Snipr) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\omifiilgfoigpbeogjpmmdlionapemie [2017-08-06]
CHR Extension: (Gmail) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-11]
CHR Extension: (Chrome Media Router) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-24]
CHR Extension: (History Trends Unlimited) - C:\Users\samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmchffiealhkdloeffcdnbgdnedheme [2018-04-05]
CHR HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <==== ATTENTION
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-03-05] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe [108248 2015-03-18] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation)
R2 Dataup; C:\Users\samira\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-05-13] (SurfRight B.V.)
R2 osrss; C:\WINDOWS\system32\osrss.dll [108584 2018-01-09] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [60432 2015-12-27] (Advanced Micro Devices, Inc.)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-08] (Microsoft Corporation)
S2 GamesAppIntegrationService; no ImagePath
S2 windowsmanagementservice; C:\Users\samira\AppData\Local\gsbgiw\ct.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101104 2015-12-27] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [277240 2015-12-27] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows ® Win 7 DDK provider)
S1 MpKslea56fb0b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B600D6B6-364A-4113-91ED-FFC0CAFFAEE9}\MpKslea56fb0b.sys [44928 2017-09-16] () [File not signed]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-16] (Realtek )
R3 RtkBtFilter2; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [65792 2015-12-27] (Realtek Microelectronics)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-06-13] (Toshiba Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-04-11] ()
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-13] (Zemana Ltd.)
S1 bccrwpff; \??\C:\WINDOWS\system32\drivers\bccrwpff.sys [X]
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
S1 kqppwvfi; \??\C:\WINDOWS\system32\drivers\kqppwvfi.sys [X]
S1 nefggbbk; \??\C:\WINDOWS\system32\drivers\nefggbbk.sys [X]
S1 vuzaukjy; \??\C:\WINDOWS\system32\drivers\vuzaukjy.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 zknbycqp; \??\C:\WINDOWS\system32\drivers\zknbycqp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-11 12:46 - 2018-04-11 12:51 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\samira\Downloads\rkill.exe
2018-04-11 00:51 - 2018-04-11 12:52 - 000000036 _____ C:\WINDOWS\progress.ini
2018-04-10 17:08 - 2018-04-10 17:09 - 036606712 _____ (Adlice Software ) C:\Users\samira\Downloads\setup.exe
2018-04-10 17:00 - 2018-04-10 17:00 - 008222496 _____ (Malwarebytes) C:\Users\samira\Documents\AdwCleaner.exe
2018-04-10 16:53 - 2018-04-10 16:53 - 000000000 ____D C:\BIN64
2018-04-10 16:53 - 2018-04-10 16:53 - 000000000 ____D C:\bin32
2018-04-10 16:53 - 2018-04-09 14:08 - 001320128 _____ (Emsisoft Ltd) C:\start emergency kit scanner.exe
2018-04-10 16:53 - 2018-04-09 14:08 - 000468544 _____ (Emsisoft Ltd) C:\start commandline scanner.exe
2018-04-10 16:53 - 2015-12-09 08:23 - 000004314 _____ C:\readme.txt
2018-04-10 16:47 - 2018-04-10 16:50 - 324952232 _____ C:\Users\samira\Documents\EmsisoftEmergencyKit.exe
2018-04-08 15:18 - 2018-04-08 15:19 - 005800224 _____ (Enigma Software Group USA, LLC.) C:\Users\samira\Documents\SpyHunter-Installer.exe
2018-04-05 23:15 - 2018-04-11 12:58 - 000052287 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-04-05 23:07 - 2010-03-08 06:10 - 000013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2018-04-05 22:06 - 2018-04-05 22:06 - 000376528 _____ (Microsoft Corporation) C:\Users\samira\Downloads\RefreshWindowsTool (1).exe
2018-04-05 22:06 - 2018-04-05 22:06 - 000000000 ____D C:\_491906_
2018-04-05 21:57 - 2018-04-05 21:57 - 000000000 ____D C:\$Windows.~WS
2018-04-05 20:35 - 2018-04-05 20:35 - 000376528 _____ (Microsoft Corporation) C:\Users\samira\Downloads\RefreshWindowsTool.exe
2018-04-05 20:35 - 2018-04-05 20:35 - 000000000 ____D C:\_269250_
2018-04-05 16:27 - 2018-04-05 16:55 - 000000000 ____D C:\Users\samira\AppData\Roaming\FreeFixer
2018-04-05 16:27 - 2018-04-05 16:27 - 000000000 ____D C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2018-04-05 16:27 - 2018-04-05 16:27 - 000000000 ____D C:\Users\samira\AppData\Local\FreeFixer
2018-04-05 16:27 - 2018-04-05 16:27 - 000000000 ____D C:\Program Files\FreeFixer
2018-04-05 16:26 - 2018-04-05 16:27 - 002736190 _____ (Kephyr) C:\Users\samira\Documents\freefixersetup.exe
2018-04-05 16:18 - 2018-04-05 16:20 - 000000000 ____D C:\ProgramData\SUPERSetup
2018-04-05 16:16 - 2018-04-05 16:18 - 032638224 _____ (SUPERAntiSpyware) C:\Users\samira\Documents\SUPERAntiSpywarePro.exe
2018-04-05 16:15 - 2018-04-05 16:15 - 000000000 ____D C:\MSI17517.tmp
2018-04-05 16:10 - 2018-04-05 16:10 - 000000000 ____D C:\MSI17513.tmp
2018-04-05 16:07 - 2018-04-05 16:07 - 002171200 _____ (Emsisoft Ltd) C:\Users\samira\Documents\EmsisoftAntiMalwareWebSetup.exe
2018-04-05 16:02 - 2018-04-05 16:02 - 000000000 ____D C:\Program Files (x86)\NoVirusThanks
2018-04-05 16:01 - 2018-04-05 16:01 - 000868560 _____ (NoVirusThanks Company Srl ) C:\Users\samira\Documents\zbot_remover_setup.exe
2018-04-05 15:57 - 2018-04-05 15:58 - 000178320 _____ (AVAST Software) C:\Users\samira\Documents\avast_free_antivirus_setup_online_cnet2.exe
2018-04-05 15:56 - 2018-04-05 15:56 - 000000000 ____D C:\MSI45600.tmp
2018-04-05 15:55 - 2018-04-05 15:55 - 000000000 ____D C:\MSI41379.tmp
2018-04-05 15:55 - 2017-01-12 21:15 - 005289984 _____ C:\Users\samira\Documents\msxml.msi
2018-04-05 15:36 - 2018-04-05 15:36 - 000004274 _____ C:\WINDOWS\System32\Tasks\TR_Updater
2018-04-05 15:36 - 2018-04-05 15:36 - 000004066 _____ C:\WINDOWS\System32\Tasks\TR_FastScan_Daily_samira
2018-04-05 15:36 - 2018-04-05 15:36 - 000003880 _____ C:\WINDOWS\System32\Tasks\TR_FastScan_AtLogon
2018-04-05 15:36 - 2018-04-05 15:36 - 000003790 _____ C:\WINDOWS\System32\Tasks\TR_AntiHijack
2018-04-05 15:36 - 2018-04-05 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2018-04-05 15:35 - 2018-04-05 15:35 - 010970704 _____ (Simply Super Software ) C:\Users\samira\Documents\trjsetup.exe
2018-04-03 20:07 - 2018-04-03 20:07 - 002403328 _____ (Farbar) C:\Users\samira\Desktop\FRST64.exe
2018-04-03 19:41 - 2018-04-03 19:42 - 014178840 _____ (Malwarebytes Corp.) C:\Users\samira\Documents\mbar-1.10.3.1001.exe
2018-03-30 19:20 - 2018-04-10 15:52 - 000000806 _____ C:\Users\samira\Desktop\Windows 10 Update Assistant.lnk
2018-03-30 18:51 - 2018-03-30 18:51 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-03-30 18:51 - 2018-03-30 18:51 - 000000000 ____D C:\MSIa9cf0.tmp
2018-03-30 18:50 - 2018-03-30 18:50 - 000000000 ____D C:\MSIa9cef.tmp
2018-03-27 18:36 - 2018-03-27 18:36 - 000000000 ____D C:\MSI52582.tmp
2018-03-27 18:35 - 2018-03-27 18:35 - 000000000 ____D C:\MSI52579.tmp
2018-03-24 01:10 - 2018-03-24 01:10 - 000008210 _____ C:\Users\samira\Downloads\5D42.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000014730 _____ C:\Users\samira\Downloads\343A.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000007361 _____ C:\Users\samira\Downloads\3B17.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006649 _____ C:\Users\samira\Downloads\40B9.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006385 _____ C:\Users\samira\Downloads\487D.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006214 _____ C:\Users\samira\Downloads\3EB4.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006177 _____ C:\Users\samira\Downloads\4782.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000004785 _____ C:\Users\samira\Downloads\3A99.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000004496 _____ C:\Users\samira\Downloads\4A73.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000003507 _____ C:\Users\samira\Downloads\3D6B.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000003287 _____ C:\Users\samira\Downloads\32F0.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002506 _____ C:\Users\samira\Downloads\4A14.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002428 _____ C:\Users\samira\Downloads\395F.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002155 _____ C:\Users\samira\Downloads\3F61.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002068 _____ C:\Users\samira\Downloads\4C4A.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001939 _____ C:\Users\samira\Downloads\3506.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001900 _____ C:\Users\samira\Downloads\4BCC.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001850 _____ C:\Users\samira\Downloads\4733.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001658 _____ C:\Users\samira\Downloads\3C60.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001631 _____ C:\Users\samira\Downloads\369E.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001352 _____ C:\Users\samira\Downloads\375B.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001301 _____ C:\Users\samira\Downloads\35E2.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000000555 _____ C:\Users\samira\Downloads\335E.tmp
2018-03-18 17:13 - 2018-03-06 02:10 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EOSNotify.exe
2018-03-17 17:33 - 2018-03-29 17:13 - 000064136 _____ C:\Users\samira\apr-easter2017mp-pi.html
2018-03-17 17:33 - 2018-03-25 19:27 - 000065150 _____ C:\Users\samira\apr-easter2017mp-pi.txt
2018-03-17 15:15 - 2018-03-02 05:07 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-17 15:15 - 2018-03-02 05:00 - 001859728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-03-17 15:15 - 2018-03-02 05:00 - 001293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-03-17 15:15 - 2018-03-02 04:59 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-03-17 15:15 - 2018-03-02 04:58 - 004260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-03-17 15:15 - 2018-03-02 04:57 - 022222944 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-17 15:15 - 2018-03-02 04:57 - 008175240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-17 15:15 - 2018-03-02 04:57 - 001477688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-17 15:15 - 2018-03-02 04:57 - 001454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-03-17 15:15 - 2018-03-02 04:57 - 001431696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-03-17 15:15 - 2018-03-02 04:57 - 001072240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-03-17 15:15 - 2018-03-02 04:51 - 002263832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-17 15:15 - 2018-03-02 04:49 - 002169848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-03-17 15:15 - 2018-03-02 04:48 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-03-17 15:15 - 2018-03-02 04:47 - 006674216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-17 15:15 - 2018-03-02 04:47 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-03-17 15:15 - 2018-03-02 04:47 - 001360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-03-17 15:15 - 2018-03-02 04:46 - 020969368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-17 15:15 - 2018-03-02 04:32 - 007627264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-03-17 15:15 - 2018-03-02 04:28 - 013879808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-03-17 15:15 - 2018-03-02 04:28 - 012350976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-03-17 15:15 - 2018-03-02 04:26 - 003307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-03-17 15:15 - 2018-03-02 04:25 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-03-17 15:15 - 2018-03-02 04:23 - 003778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-03-17 15:15 - 2018-03-02 04:21 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-17 15:15 - 2018-03-02 04:19 - 001908736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2018-03-17 15:15 - 2018-03-02 04:19 - 001078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-03-17 15:15 - 2018-03-02 04:18 - 001217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-03-17 15:15 - 2018-03-02 04:17 - 013443584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-03-17 15:15 - 2018-03-02 04:15 - 002483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-17 15:15 - 2018-03-02 04:14 - 002998784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-17 15:15 - 2018-03-02 04:14 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2018-03-17 15:15 - 2018-03-02 04:14 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2018-03-17 15:15 - 2018-03-02 04:13 - 002359296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-17 15:15 - 2018-03-02 04:11 - 001369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2018-03-17 15:15 - 2018-03-02 04:11 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-03-17 15:15 - 2018-02-12 18:27 - 002529112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-03-17 15:15 - 2018-02-12 18:04 - 001544192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2018-03-17 15:15 - 2018-02-12 17:59 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-03-17 15:15 - 2018-02-12 17:50 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2018-03-17 15:15 - 2018-02-10 00:48 - 007216560 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-17 15:15 - 2018-02-10 00:46 - 001848576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-03-17 15:15 - 2018-02-10 00:30 - 005726408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-17 15:15 - 2018-02-10 00:28 - 001344440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-03-17 15:15 - 2018-02-10 00:02 - 001917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2018-03-17 15:15 - 2018-02-10 00:01 - 001709568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2018-03-17 15:15 - 2018-02-10 00:00 - 001985024 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-03-17 15:15 - 2018-01-17 04:27 - 005691000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2018-03-17 15:15 - 2018-01-17 04:27 - 001341560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2018-03-17 15:15 - 2018-01-17 04:27 - 001049208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2018-03-17 15:15 - 2018-01-17 04:27 - 000934520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2018-03-17 15:15 - 2018-01-11 23:49 - 004756600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2018-03-17 15:15 - 2018-01-11 23:49 - 001007216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2018-03-17 15:15 - 2018-01-11 23:49 - 000854136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2018-03-17 15:15 - 2018-01-11 23:49 - 000694384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2018-03-17 15:15 - 2018-01-11 02:22 - 001261288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-03-17 15:15 - 2018-01-11 02:11 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-03-17 15:15 - 2018-01-01 01:09 - 000167840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-03-17 15:15 - 2018-01-01 00:38 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-03-17 15:15 - 2018-01-01 00:36 - 001512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-03-17 15:14 - 2018-03-02 05:10 - 000603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-03-17 15:14 - 2018-03-02 05:08 - 007812960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-17 15:14 - 2018-03-02 05:05 - 002681712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2018-03-17 15:14 - 2018-03-02 05:04 - 001177688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-17 15:14 - 2018-03-02 05:02 - 002761240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-17 15:14 - 2018-03-02 05:02 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-17 15:14 - 2018-03-02 05:01 - 002187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-17 15:14 - 2018-03-02 04:55 - 000387864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2018-03-17 15:14 - 2018-03-02 04:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-17 15:14 - 2018-03-02 04:25 - 018369024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-17 15:14 - 2018-03-02 04:24 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2018-03-17 15:14 - 2018-03-02 04:22 - 019416064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-17 15:14 - 2018-03-02 04:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2018-03-17 15:14 - 2018-03-02 04:21 - 001105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2018-03-17 15:14 - 2018-03-02 04:20 - 012201984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-17 15:14 - 2018-03-02 04:20 - 001790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2018-03-17 15:14 - 2018-03-02 04:19 - 008078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-03-17 15:14 - 2018-03-02 04:17 - 006066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-17 15:14 - 2018-03-02 04:16 - 013102080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-17 15:14 - 2018-03-02 04:16 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2018-03-17 15:14 - 2018-03-02 04:16 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2018-03-17 15:14 - 2018-03-02 04:16 - 000390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-03-17 15:14 - 2018-03-02 04:16 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-03-17 15:14 - 2018-03-02 04:16 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2018-03-17 15:14 - 2018-03-02 04:15 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-03-17 15:14 - 2018-03-02 04:14 - 008127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-17 15:14 - 2018-03-02 04:14 - 001388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-03-17 15:14 - 2018-03-02 04:14 - 000761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2018-03-17 15:14 - 2018-03-02 04:14 - 000558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-17 15:14 - 2018-03-02 04:14 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-03-17 15:14 - 2018-03-02 04:14 - 000437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2018-03-17 15:14 - 2018-03-02 04:13 - 001779200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-03-17 15:14 - 2018-03-02 04:12 - 004753408 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-17 15:14 - 2018-03-02 04:12 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2018-03-17 15:14 - 2018-03-02 04:12 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-03-17 15:14 - 2018-03-02 04:11 - 004476416 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2018-03-17 15:14 - 2018-03-02 04:11 - 004149760 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-17 15:14 - 2018-03-02 04:11 - 002896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-17 15:14 - 2018-03-02 04:11 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-03-17 15:14 - 2018-03-02 04:11 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-03-17 15:14 - 2018-03-02 04:11 - 001636864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-03-17 15:14 - 2018-03-02 04:11 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-03-17 15:14 - 2018-03-02 04:11 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-03-17 15:14 - 2018-03-02 04:11 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2018-03-17 15:14 - 2018-03-02 04:10 - 001013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2018-03-17 15:14 - 2018-03-02 04:10 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-03-17 15:14 - 2018-02-12 18:30 - 000858456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-03-17 15:14 - 2018-02-12 17:48 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-03-17 15:14 - 2018-02-12 17:44 - 002820608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-03-17 15:14 - 2018-02-10 00:46 - 001277816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-03-17 15:14 - 2018-02-10 00:09 - 000712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-17 15:14 - 2018-02-10 00:03 - 001184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-03-17 15:14 - 2018-02-10 00:03 - 000441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2018-03-17 15:14 - 2018-02-10 00:00 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-03-17 15:14 - 2018-02-09 23:58 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2018-03-17 15:14 - 2018-01-01 00:47 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-03-17 15:14 - 2018-01-01 00:41 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-03-17 15:14 - 2018-01-01 00:40 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-03-17 15:14 - 2018-01-01 00:36 - 000944128 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-03-17 15:13 - 2018-03-02 04:53 - 005091840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-17 15:13 - 2018-03-02 04:28 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWGP.dll
2018-03-17 15:12 - 2018-03-02 04:49 - 000154424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpps.dll
2018-03-17 15:12 - 2018-03-02 04:35 - 005688832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-17 15:12 - 2018-03-02 04:30 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfp.dll
2018-03-17 15:12 - 2018-03-02 04:30 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-17 15:12 - 2018-03-02 04:29 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-03-17 15:12 - 2018-03-02 04:29 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-17 15:12 - 2018-03-02 04:28 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-17 15:12 - 2018-03-02 04:28 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2018-03-17 15:12 - 2018-03-02 04:27 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2018-03-17 15:12 - 2018-03-02 04:25 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2018-03-17 15:12 - 2018-03-02 04:24 - 007470080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-03-17 15:12 - 2018-03-02 04:24 - 001321984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-03-17 15:12 - 2018-03-02 04:22 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2018-03-17 15:12 - 2018-03-02 04:21 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-03-17 15:12 - 2018-03-02 04:21 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2018-03-17 15:12 - 2018-03-02 04:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vss_ps.dll
2018-03-17 15:12 - 2018-03-02 04:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-03-17 15:12 - 2018-03-02 04:17 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2018-03-17 15:12 - 2018-03-02 04:16 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2018-03-17 15:12 - 2018-03-02 04:16 - 002030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-03-17 15:12 - 2018-03-02 04:15 - 001601024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-03-17 15:12 - 2018-03-02 04:15 - 001509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-03-17 15:12 - 2018-03-02 04:15 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-03-17 15:12 - 2018-03-02 04:14 - 000709632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-03-17 15:12 - 2018-03-02 04:13 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2018-03-17 15:12 - 2018-02-12 18:20 - 000294952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2018-03-17 15:12 - 2018-02-12 18:04 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcbase.dll
2018-03-17 15:12 - 2018-02-12 18:03 - 002347008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2018-03-17 15:12 - 2018-02-12 18:02 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2018-03-17 15:12 - 2018-02-12 18:02 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcshext.dll
2018-03-17 15:12 - 2018-02-12 18:01 - 000554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-03-17 15:12 - 2018-02-12 17:58 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2018-03-17 15:12 - 2018-02-12 17:55 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-03-17 15:12 - 2018-02-12 17:54 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-03-17 15:12 - 2018-02-12 17:54 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2018-03-17 15:12 - 2018-02-12 17:53 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-03-17 15:12 - 2018-02-12 17:51 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-03-17 15:12 - 2018-02-12 17:51 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2018-03-17 15:12 - 2018-02-12 17:50 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-03-17 15:12 - 2018-02-12 17:50 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-03-17 15:12 - 2018-02-10 00:29 - 000059936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-03-17 15:12 - 2018-02-10 00:09 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2018-03-17 15:12 - 2018-01-11 23:49 - 000066680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2018-03-17 15:12 - 2018-01-11 02:09 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-03-17 15:12 - 2018-01-11 02:07 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCenter.dll
2018-03-17 15:12 - 2018-01-11 01:59 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netfxperf.dll
2018-03-17 15:12 - 2018-01-01 00:52 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2018-03-17 15:12 - 2018-01-01 00:52 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\traffic.dll
2018-03-17 15:12 - 2018-01-01 00:50 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2018-03-17 15:12 - 2018-01-01 00:50 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2018-03-17 15:12 - 2018-01-01 00:50 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2018-03-17 15:12 - 2018-01-01 00:50 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-03-17 15:12 - 2018-01-01 00:49 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2018-03-17 15:12 - 2018-01-01 00:49 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2018-03-17 15:12 - 2018-01-01 00:49 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-03-17 15:12 - 2018-01-01 00:49 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2018-03-17 15:12 - 2018-01-01 00:48 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2018-03-17 15:12 - 2018-01-01 00:48 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2018-03-17 15:12 - 2018-01-01 00:48 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-03-17 15:12 - 2018-01-01 00:48 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2018-03-17 15:12 - 2018-01-01 00:48 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2018-03-17 15:12 - 2018-01-01 00:47 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2018-03-17 15:12 - 2018-01-01 00:46 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-03-17 15:12 - 2018-01-01 00:44 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdPnp.dll
2018-03-17 15:12 - 2018-01-01 00:42 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmiprop.dll
2018-03-17 15:12 - 2018-01-01 00:36 - 000885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-03-17 15:11 - 2018-03-02 04:59 - 000791264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-17 15:11 - 2018-03-02 04:53 - 000263464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-03-17 15:11 - 2018-03-02 04:51 - 001504568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-03-17 15:11 - 2018-03-02 04:51 - 000975736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-03-17 15:11 - 2018-03-02 04:51 - 000861016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-03-17 15:11 - 2018-03-02 04:51 - 000781664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-03-17 15:11 - 2018-03-02 04:50 - 000272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-17 15:11 - 2018-03-02 04:49 - 000307304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2018-03-17 15:11 - 2018-03-02 04:31 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-03-17 15:11 - 2018-03-02 04:31 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2018-03-17 15:11 - 2018-03-02 04:30 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-03-17 15:11 - 2018-03-02 04:30 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2018-03-17 15:11 - 2018-03-02 04:30 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2018-03-17 15:11 - 2018-03-02 04:30 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2018-03-17 15:11 - 2018-03-02 04:30 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2018-03-17 15:11 - 2018-03-02 04:30 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2018-03-17 15:11 - 2018-03-02 04:29 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2018-03-17 15:11 - 2018-03-02 04:29 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2018-03-17 15:11 - 2018-03-02 04:29 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll
2018-03-17 15:11 - 2018-03-02 04:29 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-03-17 15:11 - 2018-03-02 04:28 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-03-17 15:11 - 2018-03-02 04:28 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2018-03-17 15:11 - 2018-03-02 04:28 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2018-03-17 15:11 - 2018-03-02 04:27 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2018-03-17 15:11 - 2018-03-02 04:27 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-03-17 15:11 - 2018-03-02 04:27 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2018-03-17 15:11 - 2018-03-02 04:27 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2018-03-17 15:11 - 2018-03-02 04:27 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2018-03-17 15:11 - 2018-03-02 04:27 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2018-03-17 15:11 - 2018-03-02 04:27 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2018-03-17 15:11 - 2018-03-02 04:27 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2018-03-17 15:11 - 2018-03-02 04:27 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-03-17 15:11 - 2018-03-02 04:26 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2018-03-17 15:11 - 2018-03-02 04:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-03-17 15:11 - 2018-03-02 04:26 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-03-17 15:11 - 2018-03-02 04:26 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2018-03-17 15:11 - 2018-03-02 04:26 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2018-03-17 15:11 - 2018-03-02 04:26 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2018-03-17 15:11 - 2018-03-02 04:26 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2018-03-17 15:11 - 2018-03-02 04:26 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-03-17 15:11 - 2018-03-02 04:26 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2018-03-17 15:11 - 2018-03-02 04:26 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2018-03-17 15:11 - 2018-03-02 04:25 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-17 15:11 - 2018-03-02 04:25 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2018-03-17 15:11 - 2018-03-02 04:25 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll
2018-03-17 15:11 - 2018-03-02 04:25 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-03-17 15:11 - 2018-03-02 04:25 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2018-03-17 15:11 - 2018-03-02 04:25 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2018-03-17 15:11 - 2018-03-02 04:25 - 000265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2018-03-17 15:11 - 2018-03-02 04:25 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2018-03-17 15:11 - 2018-03-02 04:25 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2018-03-17 15:11 - 2018-03-02 04:24 - 001078272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2018-03-17 15:11 - 2018-03-02 04:24 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-03-17 15:11 - 2018-03-02 04:24 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\racpldlg.dll
2018-03-17 15:11 - 2018-03-02 04:23 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-03-17 15:11 - 2018-03-02 04:23 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2018-03-17 15:11 - 2018-03-02 04:23 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2018-03-17 15:11 - 2018-03-02 04:23 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2018-03-17 15:11 - 2018-03-02 04:22 - 001243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2018-03-17 15:11 - 2018-03-02 04:22 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2018-03-17 15:11 - 2018-03-02 04:21 - 003521536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-03-17 15:11 - 2018-03-02 04:21 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2018-03-17 15:11 - 2018-03-02 04:21 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2018-03-17 15:11 - 2018-03-02 04:21 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2018-03-17 15:11 - 2018-03-02 04:20 - 002642944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-03-17 15:11 - 2018-03-02 04:20 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2018-03-17 15:11 - 2018-03-02 04:20 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-03-17 15:11 - 2018-03-02 04:20 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2018-03-17 15:11 - 2018-03-02 04:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2018-03-17 15:11 - 2018-03-02 04:19 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-03-17 15:11 - 2018-03-02 04:19 - 000715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-03-17 15:11 - 2018-03-02 04:19 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2018-03-17 15:11 - 2018-03-02 04:19 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdchange.exe
2018-03-17 15:11 - 2018-03-02 04:18 - 000819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2018-03-17 15:11 - 2018-03-02 04:18 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2018-03-17 15:11 - 2018-03-02 04:18 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-03-17 15:11 - 2018-03-02 04:18 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-17 15:11 - 2018-03-02 04:18 - 000592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2018-03-17 15:11 - 2018-03-02 04:18 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2018-03-17 15:11 - 2018-03-02 04:18 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2018-03-17 15:11 - 2018-03-02 04:18 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-17 15:11 - 2018-03-02 04:18 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2018-03-17 15:11 - 2018-03-02 04:18 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2018-03-17 15:11 - 2018-03-02 04:18 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-03-17 15:11 - 2018-03-02 04:18 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-03-17 15:11 - 2018-03-02 04:18 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-03-17 15:11 - 2018-03-02 04:17 - 000858624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2018-03-17 15:11 - 2018-03-02 04:17 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2018-03-17 15:11 - 2018-03-02 04:17 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-03-17 15:11 - 2018-03-02 04:17 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-03-17 15:11 - 2018-03-02 04:17 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2018-03-17 15:11 - 2018-03-02 04:17 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-17 15:11 - 2018-03-02 04:17 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-03-17 15:11 - 2018-03-02 04:17 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-03-17 15:11 - 2018-03-02 04:16 - 003663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-17 15:11 - 2018-03-02 04:16 - 003369984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-03-17 15:11 - 2018-03-02 04:16 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-03-17 15:11 - 2018-03-02 04:16 - 001534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2018-03-17 15:11 - 2018-03-02 04:16 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-03-17 15:11 - 2018-03-02 04:16 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2018-03-17 15:11 - 2018-03-02 04:16 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 003479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 001988608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 001656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 000858624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-03-17 15:11 - 2018-03-02 04:15 - 000712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-03-17 15:11 - 2018-03-02 04:15 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-03-17 15:11 - 2018-03-02 04:14 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2018-03-17 15:11 - 2018-03-02 04:13 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-03-17 15:11 - 2018-02-12 18:28 - 000918296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-03-17 15:11 - 2018-02-12 18:21 - 000549080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-03-17 15:11 - 2018-02-12 18:21 - 000037192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2018-03-17 15:11 - 2018-02-12 18:17 - 000498920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2018-03-17 15:11 - 2018-02-12 18:01 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2018-03-17 15:11 - 2018-02-12 18:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-03-17 15:11 - 2018-02-12 18:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-03-17 15:11 - 2018-02-12 17:59 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2018-03-17 15:11 - 2018-02-12 17:58 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-03-17 15:11 - 2018-02-12 17:57 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-03-17 15:11 - 2018-02-12 17:57 - 001137664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-03-17 15:11 - 2018-02-12 17:57 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-03-17 15:11 - 2018-02-12 17:56 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2018-03-17 15:11 - 2018-02-12 17:56 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-03-17 15:11 - 2018-02-12 17:55 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.ProxyStub.dll
2018-03-17 15:11 - 2018-02-12 17:54 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pla.dll
2018-03-17 15:11 - 2018-02-12 17:54 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-03-17 15:11 - 2018-02-12 17:54 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-03-17 15:11 - 2018-02-12 17:51 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-03-17 15:11 - 2018-02-12 17:51 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-03-17 15:11 - 2018-02-12 17:49 - 002748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2018-03-17 15:11 - 2018-02-12 17:46 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2018-03-17 15:11 - 2018-02-10 00:12 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbeio.dll
2018-03-17 15:11 - 2018-02-10 00:10 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2018-03-17 15:11 - 2018-02-10 00:03 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2018-03-17 15:11 - 2018-02-10 00:02 - 000968704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-03-17 15:11 - 2018-02-10 00:02 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-03-17 15:11 - 2018-01-11 02:10 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-03-17 15:11 - 2018-01-11 02:10 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2018-03-17 15:11 - 2018-01-11 02:10 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2018-03-17 15:11 - 2018-01-11 02:10 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmplpxy.dll
2018-03-17 15:11 - 2018-01-11 02:09 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmprovhost.exe
2018-03-17 15:11 - 2018-01-01 01:08 - 000183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2018-03-17 15:11 - 2018-01-01 01:07 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-03-17 15:11 - 2018-01-01 01:05 - 000433824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-03-17 15:11 - 2018-01-01 01:05 - 000084656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-03-17 15:11 - 2018-01-01 01:05 - 000067104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2018-03-17 15:11 - 2018-01-01 00:52 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gmsaclient.dll
2018-03-17 15:11 - 2018-01-01 00:52 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-03-17 15:11 - 2018-01-01 00:51 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2018-03-17 15:11 - 2018-01-01 00:50 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ssdpapi.dll
2018-03-17 15:11 - 2018-01-01 00:50 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-03-17 15:11 - 2018-01-01 00:48 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-03-17 15:11 - 2018-01-01 00:46 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2018-03-17 15:11 - 2018-01-01 00:42 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-03-17 15:11 - 2018-01-01 00:42 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-03-17 15:11 - 2018-01-01 00:41 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWNet.dll
2018-03-17 15:11 - 2018-01-01 00:39 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-03-17 15:11 - 2018-01-01 00:35 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2018-03-17 15:11 - 2018-01-01 00:34 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvvmtransport.dll
2018-03-17 15:11 - 2018-01-01 00:34 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfhost.exe
2018-03-17 15:10 - 2018-03-02 05:00 - 002049512 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-03-17 15:10 - 2018-03-02 04:53 - 000982400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-03-17 15:10 - 2018-03-02 04:52 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-03-17 15:10 - 2018-03-02 04:52 - 000025440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFrameworkPS.dll
2018-03-17 15:10 - 2018-03-02 04:50 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-03-17 15:10 - 2018-03-02 04:47 - 001129064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-17 15:10 - 2018-03-02 04:47 - 000121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-03-17 15:10 - 2018-03-02 04:31 - 003690496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-17 15:10 - 2018-03-02 04:31 - 001631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2018-03-17 15:10 - 2018-03-02 04:30 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2018-03-17 15:10 - 2018-03-02 04:29 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2018-03-17 15:10 - 2018-03-02 04:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-03-17 15:10 - 2018-03-02 04:27 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2018-03-17 15:10 - 2018-03-02 04:27 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2018-03-17 15:10 - 2018-03-02 04:27 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2018-03-17 15:10 - 2018-03-02 04:26 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-03-17 15:10 - 2018-03-02 04:26 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2018-03-17 15:10 - 2018-03-02 04:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2018-03-17 15:10 - 2018-03-02 04:25 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2018-03-17 15:10 - 2018-03-02 04:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-03-17 15:10 - 2018-03-02 04:25 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-03-17 15:10 - 2018-03-02 04:24 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2018-03-17 15:10 - 2018-03-02 04:23 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2018-03-17 15:10 - 2018-03-02 04:22 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-03-17 15:10 - 2018-03-02 04:22 - 000609792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2018-03-17 15:10 - 2018-03-02 04:22 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2018-03-17 15:10 - 2018-03-02 04:22 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2018-03-17 15:10 - 2018-03-02 04:21 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-03-17 15:10 - 2018-03-02 04:21 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2018-03-17 15:10 - 2018-03-02 04:21 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-03-17 15:10 - 2018-03-02 04:20 - 001221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-03-17 15:10 - 2018-03-02 04:20 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2018-03-17 15:10 - 2018-03-02 04:20 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-03-17 15:10 - 2018-03-02 04:20 - 000325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2018-03-17 15:10 - 2018-03-02 04:19 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2018-03-17 15:10 - 2018-03-02 04:19 - 000357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2018-03-17 15:10 - 2018-03-02 04:19 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2018-03-17 15:10 - 2018-03-02 04:19 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFrameworkInternalPS.dll
2018-03-17 15:10 - 2018-03-02 04:18 - 001247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-03-17 15:10 - 2018-03-02 04:18 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2018-03-17 15:10 - 2018-03-02 04:18 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2018-03-17 15:10 - 2018-03-02 04:18 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2018-03-17 15:10 - 2018-03-02 04:18 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2018-03-17 15:10 - 2018-03-02 04:18 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2018-03-17 15:10 - 2018-03-02 04:17 - 000413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-03-17 15:10 - 2018-03-02 04:17 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2018-03-17 15:10 - 2018-03-02 04:16 - 005061632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-03-17 15:10 - 2018-03-02 04:16 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2018-03-17 15:10 - 2018-03-02 04:15 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2018-03-17 15:10 - 2018-03-02 04:15 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2018-03-17 15:10 - 2018-03-02 04:15 - 000693760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-03-17 15:10 - 2018-03-02 04:15 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-03-17 15:10 - 2018-03-02 04:15 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2018-03-17 15:10 - 2018-03-02 04:14 - 003736064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2018-03-17 15:10 - 2018-02-12 18:21 - 000606552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2018-03-17 15:10 - 2018-02-12 18:21 - 000111960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2018-03-17 15:10 - 2018-02-12 18:19 - 004312752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-03-17 15:10 - 2018-02-12 18:19 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-17 15:10 - 2018-02-12 18:03 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2018-03-17 15:10 - 2018-02-12 18:02 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Management.Lockdown.dll
2018-03-17 15:10 - 2018-02-12 18:01 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2018-03-17 15:10 - 2018-02-12 18:00 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-03-17 15:10 - 2018-02-12 17:58 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2018-03-17 15:10 - 2018-02-12 17:53 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2018-03-17 15:10 - 2018-02-12 17:53 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2018-03-17 15:10 - 2018-02-12 17:52 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2018-03-17 15:10 - 2018-02-12 17:48 - 002139136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-03-17 15:10 - 2018-02-12 17:48 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-03-17 15:10 - 2018-02-12 17:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2018-03-17 15:10 - 2018-02-12 17:46 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-03-17 15:10 - 2018-02-12 17:46 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-03-17 15:10 - 2018-02-10 00:30 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-03-17 15:10 - 2018-02-10 00:29 - 000139096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2018-03-17 15:10 - 2018-02-10 00:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-03-17 15:10 - 2018-02-10 00:14 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accountaccessor.dll
2018-03-17 15:10 - 2018-02-10 00:12 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\syncutil.dll
2018-03-17 15:10 - 2018-02-10 00:09 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2018-03-17 15:10 - 2018-01-11 02:28 - 000250048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-03-17 15:10 - 2018-01-11 02:07 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2018-03-17 15:10 - 2018-01-11 02:07 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2018-03-17 15:10 - 2018-01-01 01:24 - 000316760 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-03-17 15:10 - 2018-01-01 01:02 - 000546960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-03-17 15:10 - 2018-01-01 01:01 - 000415248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110_win.dll
2018-03-17 15:10 - 2018-01-01 00:51 - 000037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-03-17 15:10 - 2018-01-01 00:50 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-03-17 15:10 - 2018-01-01 00:50 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2018-03-17 15:10 - 2018-01-01 00:50 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2018-03-17 15:10 - 2018-01-01 00:49 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-03-17 15:10 - 2018-01-01 00:49 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshqos.dll
2018-03-17 15:10 - 2018-01-01 00:48 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3dlg.dll
2018-03-17 15:10 - 2018-01-01 00:48 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2018-03-17 15:10 - 2018-01-01 00:47 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-03-17 15:10 - 2018-01-01 00:47 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2018-03-17 15:10 - 2018-01-01 00:46 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2018-03-17 15:10 - 2018-01-01 00:45 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-03-17 15:10 - 2018-01-01 00:42 - 000513024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2018-03-17 15:10 - 2018-01-01 00:41 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-03-17 15:10 - 2018-01-01 00:41 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2018-03-17 15:10 - 2018-01-01 00:39 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-03-17 15:10 - 2018-01-01 00:39 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-03-17 15:10 - 2018-01-01 00:36 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-03-17 15:09 - 2018-03-02 05:10 - 000199520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-17 15:09 - 2018-03-02 04:53 - 000869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2018-03-17 15:09 - 2018-03-02 04:51 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2018-03-17 15:09 - 2018-03-02 04:49 - 000846552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-03-17 15:09 - 2018-03-02 04:31 - 000313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-03-17 15:09 - 2018-03-02 04:26 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-17 15:09 - 2018-03-02 04:26 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2018-03-17 15:09 - 2018-03-02 04:26 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2018-03-17 15:09 - 2018-03-02 04:24 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2018-03-17 15:09 - 2018-03-02 04:22 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2018-03-17 15:09 - 2018-03-02 04:20 - 000271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2018-03-17 15:09 - 2018-03-02 04:20 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2018-03-17 15:09 - 2018-03-02 04:20 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll
2018-03-17 15:09 - 2018-03-02 04:19 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2018-03-17 15:09 - 2018-03-02 04:19 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2018-03-17 15:09 - 2018-03-02 04:15 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2018-03-17 15:09 - 2018-03-02 04:15 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-03-17 15:09 - 2018-03-02 04:14 - 001577984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-03-17 15:09 - 2018-03-02 03:55 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-03-17 15:09 - 2018-02-12 18:44 - 000485648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-03-17 15:09 - 2018-02-12 18:22 - 000116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-03-17 15:09 - 2018-02-12 18:21 - 000367208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-03-17 15:09 - 2018-02-12 18:19 - 000487104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-03-17 15:09 - 2018-02-12 18:19 - 000382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-03-17 15:09 - 2018-02-12 18:19 - 000076976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-03-17 15:09 - 2018-02-12 18:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2018-03-17 15:09 - 2018-02-12 18:01 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2018-03-17 15:09 - 2018-02-12 18:00 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2018-03-17 15:09 - 2018-02-12 17:59 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2018-03-17 15:09 - 2018-02-12 17:57 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-03-17 15:09 - 2018-02-12 17:53 - 003198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-17 15:09 - 2018-02-10 00:28 - 000962760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-03-17 15:09 - 2018-01-01 00:52 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshhyperv.dll
2018-03-17 15:09 - 2018-01-01 00:50 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2018-03-17 15:09 - 2018-01-01 00:49 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-03-17 15:09 - 2018-01-01 00:43 - 000746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-03-17 15:09 - 2018-01-01 00:42 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2018-03-16 20:07 - 2018-01-01 01:28 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-03-16 20:07 - 2018-01-01 01:25 - 000104280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-16 20:07 - 2018-01-01 01:20 - 000028448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2018-03-16 20:07 - 2018-01-01 00:51 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-03-16 20:07 - 2018-01-01 00:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2018-03-16 20:07 - 2018-01-01 00:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2018-03-16 20:07 - 2018-01-01 00:48 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-16 20:06 - 2018-03-02 05:01 - 000328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-03-16 20:06 - 2018-03-02 04:58 - 005091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-16 20:06 - 2018-03-02 04:24 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWGP.dll
2018-03-16 20:06 - 2018-03-02 04:24 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2018-03-16 20:06 - 2018-03-02 04:24 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-03-16 20:06 - 2018-03-02 04:23 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInputUap.dll
2018-03-16 20:06 - 2018-03-02 04:22 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-03-16 20:06 - 2018-03-02 04:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2018-03-16 20:06 - 2018-03-02 04:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2018-03-16 20:06 - 2018-03-02 04:19 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2018-03-16 20:06 - 2018-03-02 04:18 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-03-16 20:06 - 2018-03-02 04:17 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-03-16 20:06 - 2018-03-02 04:17 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-03-16 20:06 - 2018-03-02 04:16 - 001507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2018-03-16 20:06 - 2018-03-02 04:16 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-03-16 20:06 - 2018-03-02 04:16 - 000390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-03-16 20:06 - 2018-03-02 04:16 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-03-16 20:06 - 2018-03-02 04:15 - 000779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-03-16 20:06 - 2018-03-02 04:15 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2018-03-16 20:06 - 2018-03-02 04:15 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-03-16 20:06 - 2018-03-02 04:14 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2018-03-16 20:06 - 2018-03-02 04:14 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-03-16 20:06 - 2018-03-02 04:13 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-03-16 20:06 - 2018-03-02 04:13 - 002424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2018-03-16 20:06 - 2018-03-02 04:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2018-03-16 20:06 - 2018-03-02 04:12 - 004136960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-03-16 20:06 - 2018-03-02 04:12 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-03-16 20:06 - 2018-03-02 04:11 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2018-03-16 20:06 - 2018-03-02 04:11 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-03-16 20:06 - 2018-02-12 18:38 - 000082784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-16 20:06 - 2018-02-12 17:52 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-03-16 20:06 - 2018-02-12 17:49 - 000730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-03-16 20:06 - 2018-02-12 17:48 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-03-16 20:06 - 2018-02-10 00:03 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2018-03-16 20:06 - 2018-02-10 00:03 - 000634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-03-16 20:06 - 2018-01-01 01:21 - 000046936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2018-03-16 20:06 - 2018-01-01 01:21 - 000036184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2018-03-16 20:06 - 2018-01-01 01:20 - 000116568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-03-16 20:06 - 2018-01-01 00:50 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2018-03-16 20:06 - 2018-01-01 00:50 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2018-03-16 20:06 - 2018-01-01 00:49 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2018-03-16 20:06 - 2018-01-01 00:47 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-03-16 20:06 - 2018-01-01 00:42 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-03-16 20:06 - 2018-01-01 00:41 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-03-16 20:06 - 2018-01-01 00:36 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-03-16 20:04 - 2018-02-10 00:54 - 000191832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-16 20:04 - 2018-02-10 00:47 - 000130904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-16 20:04 - 2018-01-11 02:17 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netfxperf.dll
2018-03-16 20:03 - 2018-01-01 00:36 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-03-16 20:02 - 2018-03-02 05:02 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-03-16 20:02 - 2018-03-02 05:00 - 001739064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-03-16 20:02 - 2018-03-02 05:00 - 001157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-03-16 20:02 - 2018-03-02 05:00 - 000342448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-16 20:02 - 2018-03-02 05:00 - 000318776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-03-16 20:02 - 2018-03-02 04:59 - 000026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-03-16 20:02 - 2018-03-02 04:59 - 000022336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-03-16 20:02 - 2018-03-02 04:25 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-03-16 20:02 - 2018-03-02 04:25 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2018-03-16 20:02 - 2018-03-02 04:25 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-03-16 20:02 - 2018-03-02 04:25 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2018-03-16 20:02 - 2018-03-02 04:25 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-03-16 20:02 - 2018-03-02 04:25 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-03-16 20:02 - 2018-03-02 04:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-03-16 20:02 - 2018-03-02 04:24 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2018-03-16 20:02 - 2018-03-02 04:23 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2018-03-16 20:02 - 2018-03-02 04:23 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2018-03-16 20:02 - 2018-03-02 04:22 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2018-03-16 20:02 - 2018-03-02 04:22 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2018-03-16 20:02 - 2018-03-02 04:22 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2018-03-16 20:02 - 2018-03-02 04:21 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll
2018-03-16 20:02 - 2018-03-02 04:21 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-03-16 20:02 - 2018-03-02 04:20 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2018-03-16 20:02 - 2018-03-02 04:20 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2018-03-16 20:02 - 2018-03-02 04:20 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2018-03-16 20:02 - 2018-03-02 04:18 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2018-03-16 20:02 - 2018-03-02 04:18 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2018-03-16 20:02 - 2018-03-02 04:17 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2018-03-16 20:02 - 2018-03-02 04:16 - 004596736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-03-16 20:02 - 2018-03-02 04:16 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2018-03-16 20:02 - 2018-03-02 04:16 - 000418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2018-03-16 20:02 - 2018-03-02 04:16 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-16 20:02 - 2018-03-02 04:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2018-03-16 20:02 - 2018-03-02 04:15 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2018-03-16 20:02 - 2018-03-02 04:15 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2018-03-16 20:02 - 2018-03-02 04:15 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2018-03-16 20:02 - 2018-03-02 04:15 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2018-03-16 20:02 - 2018-03-02 04:15 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2018-03-16 20:02 - 2018-03-02 04:15 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-16 20:02 - 2018-03-02 04:14 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-03-16 20:02 - 2018-03-02 04:14 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2018-03-16 20:02 - 2018-03-02 04:14 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-16 20:02 - 2018-03-02 04:14 - 000245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-03-16 20:02 - 2018-03-02 04:14 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-03-16 20:02 - 2018-03-02 04:13 - 001146880 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2018-03-16 20:02 - 2018-03-02 04:13 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2018-03-16 20:02 - 2018-03-02 04:13 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-03-16 20:02 - 2018-03-02 04:12 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-03-16 20:02 - 2018-03-02 04:11 - 002321920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-03-16 20:02 - 2018-03-02 04:11 - 001515520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-16 20:02 - 2018-03-02 04:11 - 001328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2018-03-16 20:02 - 2018-03-02 04:11 - 001266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-03-16 20:02 - 2018-03-02 04:11 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-03-16 20:02 - 2018-03-02 04:11 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-03-16 20:02 - 2018-03-02 04:11 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-03-16 20:02 - 2018-03-02 04:10 - 004061184 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-03-16 20:02 - 2018-03-02 04:10 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-03-16 20:02 - 2018-03-02 04:10 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2018-03-16 20:02 - 2018-03-02 04:09 - 003616256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-16 20:02 - 2018-03-02 04:09 - 003497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-16 20:02 - 2018-03-02 04:09 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2018-03-16 20:02 - 2018-03-02 04:09 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2018-03-16 20:02 - 2018-02-12 18:38 - 000423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-03-16 20:02 - 2018-02-12 18:37 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-03-16 20:02 - 2018-02-12 18:34 - 000409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-03-16 20:02 - 2018-02-12 18:30 - 000044456 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2018-03-16 20:02 - 2018-02-12 18:27 - 000633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-03-16 20:02 - 2018-02-12 18:27 - 000584024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-03-16 20:02 - 2018-02-12 17:55 - 001914368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-03-16 20:02 - 2018-02-12 17:55 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-03-16 20:02 - 2018-02-12 17:55 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-03-16 20:02 - 2018-02-12 17:55 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-03-16 20:02 - 2018-02-12 17:54 - 001584640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-03-16 20:02 - 2018-02-12 17:54 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2018-03-16 20:02 - 2018-02-12 17:51 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2018-03-16 20:02 - 2018-02-12 17:48 - 000680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-03-16 20:02 - 2018-02-12 17:48 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2018-03-16 20:02 - 2018-02-12 17:48 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-03-16 20:02 - 2018-02-12 17:47 - 003135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2018-03-16 20:02 - 2018-02-12 17:47 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2018-03-16 20:02 - 2018-02-12 17:46 - 000574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2018-03-16 20:02 - 2018-02-12 17:46 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-03-16 20:02 - 2018-02-12 17:45 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-03-16 20:02 - 2018-02-12 17:43 - 001349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-03-16 20:02 - 2018-02-12 17:42 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2018-03-16 20:02 - 2018-02-10 00:04 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSSessionUX.dll
2018-03-16 20:02 - 2018-02-10 00:03 - 001293312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2018-03-16 20:02 - 2018-01-11 02:59 - 001416224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-03-16 20:02 - 2018-01-11 02:28 - 002715648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-03-16 20:02 - 2018-01-11 02:27 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-03-16 20:02 - 2018-01-11 02:26 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-03-16 20:02 - 2018-01-11 02:26 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2018-03-16 20:02 - 2018-01-11 02:26 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2018-03-16 20:02 - 2018-01-11 02:26 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2018-03-16 20:02 - 2018-01-01 01:21 - 000527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-03-16 20:02 - 2018-01-01 01:20 - 000085240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2018-03-16 20:02 - 2018-01-01 00:58 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-03-16 20:02 - 2018-01-01 00:49 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2018-03-16 20:02 - 2018-01-01 00:49 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-03-16 20:02 - 2018-01-01 00:48 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2018-03-16 20:02 - 2018-01-01 00:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpapi.dll
2018-03-16 20:02 - 2018-01-01 00:48 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-03-16 20:02 - 2018-01-01 00:48 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysntfy.dll
2018-03-16 20:02 - 2018-01-01 00:47 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2018-03-16 20:02 - 2018-01-01 00:44 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2018-03-16 20:02 - 2018-01-01 00:43 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2018-03-16 20:02 - 2018-01-01 00:42 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-03-16 20:02 - 2018-01-01 00:41 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-03-16 20:02 - 2018-01-01 00:41 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-03-16 20:02 - 2018-01-01 00:40 - 000678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-03-16 20:02 - 2018-01-01 00:40 - 000387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-03-16 20:02 - 2018-01-01 00:39 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2018-03-16 20:02 - 2018-01-01 00:38 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-03-16 20:02 - 2018-01-01 00:38 - 000283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2018-03-16 20:02 - 2018-01-01 00:37 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-03-16 20:02 - 2018-01-01 00:36 - 000948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-03-16 20:02 - 2018-01-01 00:35 - 000387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-03-16 20:02 - 2018-01-01 00:35 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvvmtransport.dll
2018-03-16 20:01 - 2018-03-02 05:04 - 000361312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-16 20:01 - 2018-03-02 05:03 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-03-16 20:01 - 2018-03-02 05:02 - 001000800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-03-16 20:01 - 2018-03-02 04:58 - 000092504 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-16 20:01 - 2018-03-02 04:27 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2018-03-16 20:01 - 2018-03-02 04:24 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-16 20:01 - 2018-03-02 04:22 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2018-03-16 20:01 - 2018-03-02 04:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-03-16 20:01 - 2018-03-02 04:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2018-03-16 20:01 - 2018-03-02 04:22 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2018-03-16 20:01 - 2018-03-02 04:22 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsExtensibilityHandlers.dll
2018-03-16 20:01 - 2018-03-02 04:22 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-16 20:01 - 2018-03-02 04:22 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-03-16 20:01 - 2018-03-02 04:21 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2018-03-16 20:01 - 2018-03-02 04:20 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-03-16 20:01 - 2018-03-02 04:20 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2018-03-16 20:01 - 2018-03-02 04:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2018-03-16 20:01 - 2018-03-02 04:20 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-16 20:01 - 2018-03-02 04:19 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-16 20:01 - 2018-03-02 04:19 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2018-03-16 20:01 - 2018-03-02 04:17 - 000980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-03-16 20:01 - 2018-03-02 04:17 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2018-03-16 20:01 - 2018-03-02 04:17 - 000418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2018-03-16 20:01 - 2018-03-02 04:17 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2018-03-16 20:01 - 2018-03-02 04:17 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2018-03-16 20:01 - 2018-03-02 04:17 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdchange.exe
2018-03-16 20:01 - 2018-03-02 04:16 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2018-03-16 20:01 - 2018-03-02 04:16 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2018-03-16 20:01 - 2018-03-02 04:15 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-16 20:01 - 2018-03-02 04:15 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-16 20:01 - 2018-03-02 04:15 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2018-03-16 20:01 - 2018-03-02 04:15 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2018-03-16 20:01 - 2018-03-02 04:15 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2018-03-16 20:01 - 2018-03-02 04:15 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2018-03-16 20:01 - 2018-03-02 04:14 - 004749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-03-16 20:01 - 2018-03-02 04:14 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-03-16 20:01 - 2018-03-02 04:14 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-03-16 20:01 - 2018-03-02 04:13 - 000967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2018-03-16 20:01 - 2018-03-02 04:13 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2018-03-16 20:01 - 2018-03-02 04:12 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-03-16 20:01 - 2018-03-02 04:11 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-03-16 20:01 - 2018-03-02 04:11 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2018-03-16 20:01 - 2018-03-02 04:11 - 001359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2018-03-16 20:01 - 2018-03-02 04:11 - 001294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2018-03-16 20:01 - 2018-03-02 04:11 - 000800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-16 20:01 - 2018-03-02 04:11 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-03-16 20:01 - 2018-03-02 04:10 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-03-16 20:01 - 2018-03-02 04:10 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-03-16 20:01 - 2018-03-02 04:10 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2018-03-16 20:01 - 2018-03-02 04:10 - 000611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2018-03-16 20:01 - 2018-03-02 04:10 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-16 20:01 - 2018-03-02 04:10 - 000540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-03-16 20:01 - 2018-02-12 18:31 - 000681304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-03-16 20:01 - 2018-02-12 18:30 - 000509784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-03-16 20:01 - 2018-02-12 18:30 - 000449880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-03-16 20:01 - 2018-02-12 18:27 - 000142568 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2018-03-16 20:01 - 2018-02-12 17:56 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2018-03-16 20:01 - 2018-02-12 17:55 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-03-16 20:01 - 2018-02-12 17:55 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2018-03-16 20:01 - 2018-02-12 17:55 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Authentication.dll
2018-03-16 20:01 - 2018-02-12 17:54 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-03-16 20:01 - 2018-02-12 17:53 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-03-16 20:01 - 2018-02-12 17:52 - 000718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-03-16 20:01 - 2018-02-12 17:51 - 000702976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-03-16 20:01 - 2018-02-12 17:48 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2018-03-16 20:01 - 2018-02-12 17:47 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2018-03-16 20:01 - 2018-02-12 17:46 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-03-16 20:01 - 2018-02-12 17:46 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-03-16 20:01 - 2018-02-12 17:45 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-03-16 20:01 - 2018-02-12 17:44 - 002512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-03-16 20:01 - 2018-02-12 17:43 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-03-16 20:01 - 2018-02-12 17:43 - 000792576 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-03-16 20:01 - 2018-02-12 17:43 - 000730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-03-16 20:01 - 2018-02-10 00:45 - 001600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-03-16 20:01 - 2018-02-10 00:45 - 000743216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-03-16 20:01 - 2018-02-10 00:12 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbeio.dll
2018-03-16 20:01 - 2018-02-10 00:10 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2018-03-16 20:01 - 2018-02-10 00:04 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2018-03-16 20:01 - 2018-02-10 00:04 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-03-16 20:01 - 2018-01-17 04:27 - 000078448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2018-03-16 20:01 - 2018-01-11 03:03 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-03-16 20:01 - 2018-01-11 02:25 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-03-16 20:01 - 2018-01-11 02:23 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2018-03-16 20:01 - 2018-01-11 02:22 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-03-16 20:01 - 2018-01-11 02:20 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-03-16 20:01 - 2018-01-11 02:17 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-03-16 20:01 - 2018-01-11 02:17 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-03-16 20:01 - 2018-01-11 02:17 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-03-16 20:01 - 2018-01-01 01:24 - 000198848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-03-16 20:01 - 2018-01-01 01:23 - 000246864 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2018-03-16 20:01 - 2018-01-01 01:20 - 000103304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-03-16 20:01 - 2018-01-01 00:58 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2018-03-16 20:01 - 2018-01-01 00:58 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-03-16 20:01 - 2018-01-01 00:49 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\gmsaclient.dll
2018-03-16 20:01 - 2018-01-01 00:48 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-03-16 20:01 - 2018-01-01 00:48 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2018-03-16 20:01 - 2018-01-01 00:43 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-03-16 20:01 - 2018-01-01 00:42 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2018-03-16 20:01 - 2018-01-01 00:41 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-03-16 20:01 - 2018-01-01 00:40 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-03-16 20:01 - 2018-01-01 00:40 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-03-16 20:01 - 2018-01-01 00:40 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-03-16 20:01 - 2018-01-01 00:39 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-03-16 20:01 - 2018-01-01 00:37 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-03-16 20:01 - 2018-01-01 00:36 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2018-03-16 20:00 - 2018-03-02 05:04 - 000168792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-16 20:00 - 2018-03-02 05:03 - 000658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-16 20:00 - 2018-03-02 05:00 - 000402264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-16 20:00 - 2018-03-02 04:59 - 002447208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-03-16 20:00 - 2018-03-02 04:59 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-16 20:00 - 2018-03-02 04:57 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-03-16 20:00 - 2018-03-02 04:23 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2018-03-16 20:00 - 2018-03-02 04:23 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-16 20:00 - 2018-03-02 04:21 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2018-03-16 20:00 - 2018-03-02 04:20 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2018-03-16 20:00 - 2018-03-02 04:19 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-03-16 20:00 - 2018-03-02 04:17 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2018-03-16 20:00 - 2018-03-02 04:17 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-03-16 20:00 - 2018-03-02 04:15 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2018-03-16 20:00 - 2018-03-02 04:15 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-03-16 20:00 - 2018-03-02 04:15 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2018-03-16 20:00 - 2018-03-02 04:15 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-03-16 20:00 - 2018-03-02 04:12 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2018-03-16 20:00 - 2018-03-02 04:12 - 001486336 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-16 20:00 - 2018-03-02 04:11 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-03-16 20:00 - 2018-03-02 04:11 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-03-16 20:00 - 2018-02-12 18:35 - 000468312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-03-16 20:00 - 2018-02-12 18:30 - 000155992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-03-16 20:00 - 2018-02-12 18:30 - 000148824 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2018-03-16 20:00 - 2018-02-12 18:29 - 000725672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-16 20:00 - 2018-02-12 17:59 - 002840576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-03-16 20:00 - 2018-02-12 17:59 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2018-03-16 20:00 - 2018-02-12 17:58 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\cic.dll
2018-03-16 20:00 - 2018-02-12 17:58 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcshext.dll
2018-03-16 20:00 - 2018-02-12 17:56 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2018-03-16 20:00 - 2018-02-12 17:56 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2018-03-16 20:00 - 2018-02-12 17:52 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pla.dll
2018-03-16 20:00 - 2018-02-12 17:52 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-03-16 20:00 - 2018-02-12 17:52 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\correngine.dll
2018-03-16 20:00 - 2018-02-12 17:51 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-03-16 20:00 - 2018-02-12 17:48 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2018-03-16 20:00 - 2018-02-12 17:48 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2018-03-16 20:00 - 2018-02-12 17:47 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2018-03-16 20:00 - 2018-02-12 17:45 - 001037312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-03-16 20:00 - 2018-02-12 17:44 - 000723456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-03-16 20:00 - 2018-02-12 17:43 - 001131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-03-16 20:00 - 2018-02-12 17:43 - 000834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-03-16 20:00 - 2018-02-12 17:43 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-03-16 20:00 - 2018-02-12 17:43 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2018-03-16 20:00 - 2018-02-10 00:11 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2018-03-16 20:00 - 2018-02-10 00:07 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2018-03-16 20:00 - 2018-02-10 00:05 - 000741888 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2018-03-16 20:00 - 2018-02-10 00:05 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2018-03-16 20:00 - 2018-01-11 03:14 - 002254688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-03-16 20:00 - 2018-01-11 02:17 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-03-16 20:00 - 2018-01-11 02:11 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-03-16 20:00 - 2018-01-01 01:20 - 000160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2018-03-16 20:00 - 2018-01-01 01:19 - 000153432 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2018-03-16 20:00 - 2018-01-01 01:18 - 000588816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110_win.dll
2018-03-16 20:00 - 2018-01-01 00:50 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\traffic.dll
2018-03-16 20:00 - 2018-01-01 00:48 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshqos.dll
2018-03-16 20:00 - 2018-01-01 00:44 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2018-03-16 20:00 - 2018-01-01 00:42 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-03-16 20:00 - 2018-01-01 00:40 - 000597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-03-16 20:00 - 2018-01-01 00:40 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-03-16 20:00 - 2018-01-01 00:40 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-03-16 20:00 - 2018-01-01 00:39 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-03-16 20:00 - 2018-01-01 00:39 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-03-16 20:00 - 2018-01-01 00:38 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-03-16 20:00 - 2018-01-01 00:36 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-03-16 20:00 - 2018-01-01 00:36 - 000960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-03-16 19:59 - 2018-03-02 05:00 - 000036704 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkPS.dll
2018-03-16 19:59 - 2018-03-02 04:33 - 022574080 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-16 19:59 - 2018-03-02 04:23 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-03-16 19:59 - 2018-03-02 04:21 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2018-03-16 19:59 - 2018-03-02 04:21 - 000245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2018-03-16 19:59 - 2018-03-02 04:21 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsrchapi.dll
2018-03-16 19:59 - 2018-03-02 04:20 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcat.dll
2018-03-16 19:59 - 2018-03-02 04:20 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhmanagew.exe
2018-03-16 19:59 - 2018-03-02 04:20 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhevents.dll
2018-03-16 19:59 - 2018-03-02 04:20 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsrchph.dll
2018-03-16 19:59 - 2018-03-02 04:19 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhshl.dll
2018-03-16 19:59 - 2018-03-02 04:19 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhlisten.dll
2018-03-16 19:59 - 2018-03-02 04:19 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhtask.dll
2018-03-16 19:59 - 2018-03-02 04:19 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcleanup.dll
2018-03-16 19:59 - 2018-03-02 04:18 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-16 19:59 - 2018-03-02 04:18 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2018-03-16 19:59 - 2018-03-02 04:18 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhautoplay.dll
2018-03-16 19:59 - 2018-03-02 04:17 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2018-03-16 19:59 - 2018-03-02 04:17 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-03-16 19:59 - 2018-03-02 04:16 - 000464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-03-16 19:59 - 2018-03-02 04:16 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-03-16 19:59 - 2018-03-02 04:16 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-03-16 19:59 - 2018-03-02 04:15 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-03-16 19:59 - 2018-03-02 04:14 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-03-16 19:59 - 2018-03-02 04:14 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2018-03-16 19:59 - 2018-03-02 04:09 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-03-16 19:59 - 2018-02-12 18:27 - 001102680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-03-16 19:59 - 2018-02-12 17:55 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2018-03-16 19:59 - 2018-02-12 17:53 - 000730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-03-16 19:59 - 2018-02-12 17:51 - 000501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2018-03-16 19:59 - 2018-02-12 17:51 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-03-16 19:59 - 2018-02-12 17:50 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2018-03-16 19:59 - 2018-02-12 17:45 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2018-03-16 19:59 - 2018-02-12 17:43 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-03-16 19:59 - 2018-02-12 17:43 - 000261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-03-16 19:59 - 2018-02-10 00:53 - 000434520 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-03-16 19:59 - 2018-02-10 00:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-03-16 19:59 - 2018-02-10 00:04 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2018-03-16 19:59 - 2018-01-01 01:30 - 000379736 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-03-16 19:59 - 2018-01-01 01:22 - 000062808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-03-16 19:59 - 2018-01-01 01:18 - 000630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-03-16 19:59 - 2018-01-01 00:49 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-03-16 19:59 - 2018-01-01 00:49 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2018-03-16 19:59 - 2018-01-01 00:49 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2018-03-16 19:59 - 2018-01-01 00:49 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2018-03-16 19:59 - 2018-01-01 00:49 - 000045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-03-16 19:59 - 2018-01-01 00:48 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2018-03-16 19:59 - 2018-01-01 00:48 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2018-03-16 19:59 - 2018-01-01 00:48 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2018-03-16 19:59 - 2018-01-01 00:48 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-03-16 19:59 - 2018-01-01 00:48 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2018-03-16 19:59 - 2018-01-01 00:48 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2018-03-16 19:59 - 2018-01-01 00:48 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-03-16 19:59 - 2018-01-01 00:47 - 000420352 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-03-16 19:59 - 2018-01-01 00:47 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2018-03-16 19:59 - 2018-01-01 00:47 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2018-03-16 19:59 - 2018-01-01 00:47 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-03-16 19:59 - 2018-01-01 00:47 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-03-16 19:59 - 2018-01-01 00:47 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2018-03-16 19:59 - 2018-01-01 00:47 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2018-03-16 19:59 - 2018-01-01 00:45 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPnp.dll
2018-03-16 19:59 - 2018-01-01 00:45 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-03-16 19:59 - 2018-01-01 00:44 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2018-03-16 19:59 - 2018-01-01 00:42 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2018-03-16 19:59 - 2018-01-01 00:41 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-03-16 19:59 - 2018-01-01 00:41 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2018-03-16 19:59 - 2018-01-01 00:39 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-03-16 19:59 - 2018-01-01 00:34 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-03-16 19:58 - 2018-03-02 05:13 - 002003288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-16 19:58 - 2018-03-02 05:13 - 001568608 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-16 19:58 - 2018-03-02 05:13 - 000749408 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-16 19:58 - 2018-03-02 05:13 - 000664416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-16 19:58 - 2018-03-02 05:13 - 000609112 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-16 19:58 - 2018-03-02 05:13 - 000389472 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-16 19:58 - 2018-03-02 05:13 - 000270688 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-16 19:58 - 2018-03-02 05:13 - 000246112 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-16 19:58 - 2018-03-02 05:13 - 000138080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-16 19:58 - 2018-03-02 05:13 - 000069984 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-16 19:58 - 2018-03-02 05:11 - 000461664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-16 19:58 - 2018-03-02 05:11 - 000035168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-16 19:58 - 2018-03-02 05:07 - 000100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2018-03-16 19:58 - 2018-03-02 05:03 - 000501080 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-16 19:58 - 2018-03-02 05:01 - 001070744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2018-03-16 19:58 - 2018-03-02 05:00 - 000119640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-16 19:58 - 2018-03-02 04:59 - 002916720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-03-16 19:58 - 2018-03-02 04:59 - 001267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-03-16 19:58 - 2018-03-02 04:59 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-03-16 19:58 - 2018-03-02 04:57 - 000523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2018-03-16 19:58 - 2018-03-02 04:57 - 000160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2018-03-16 19:58 - 2018-03-02 04:55 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2018-03-16 19:58 - 2018-03-02 04:30 - 007219712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-16 19:58 - 2018-03-02 04:26 - 001631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-03-16 19:58 - 2018-03-02 04:24 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-16 19:58 - 2018-03-02 04:23 - 017202176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-03-16 19:58 - 2018-03-02 04:22 - 001639424 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-03-16 19:58 - 2018-03-02 04:22 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-03-16 19:58 - 2018-03-02 04:22 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-03-16 19:58 - 2018-03-02 04:22 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-03-16 19:58 - 2018-03-02 04:22 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2018-03-16 19:58 - 2018-03-02 04:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2018-03-16 19:58 - 2018-03-02 04:20 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2018-03-16 19:58 - 2018-03-02 04:19 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-03-16 19:58 - 2018-03-02 04:18 - 000493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-03-16 19:58 - 2018-03-02 04:18 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2018-03-16 19:58 - 2018-03-02 04:18 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2018-03-16 19:58 - 2018-03-02 04:18 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-16 19:58 - 2018-03-02 04:17 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-16 19:58 - 2018-03-02 04:17 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2018-03-16 19:58 - 2018-03-02 04:16 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2018-03-16 19:58 - 2018-03-02 04:16 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2018-03-16 19:58 - 2018-03-02 04:16 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2018-03-16 19:58 - 2018-03-02 04:16 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2018-03-16 19:58 - 2018-03-02 04:16 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2018-03-16 19:58 - 2018-03-02 04:16 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2018-03-16 19:58 - 2018-03-02 04:16 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2018-03-16 19:58 - 2018-03-02 04:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2018-03-16 19:58 - 2018-03-02 04:16 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2018-03-16 19:58 - 2018-03-02 04:15 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-03-16 19:58 - 2018-03-02 04:15 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2018-03-16 19:58 - 2018-03-02 04:15 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2018-03-16 19:58 - 2018-03-02 04:14 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2018-03-16 19:58 - 2018-03-02 04:13 - 005611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-03-16 19:58 - 2018-03-02 04:13 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-03-16 19:58 - 2018-03-02 04:13 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2018-03-16 19:58 - 2018-03-02 04:13 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-03-16 19:58 - 2018-03-02 04:10 - 003542528 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-03-16 19:58 - 2018-03-02 04:10 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2018-03-16 19:58 - 2018-03-02 04:09 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-03-16 19:58 - 2018-02-12 18:41 - 000590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-03-16 19:58 - 2018-02-12 18:39 - 001051616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-16 19:58 - 2018-02-12 18:39 - 000894640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-16 19:58 - 2018-02-12 18:38 - 001356360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-16 19:58 - 2018-02-12 18:38 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-16 19:58 - 2018-02-12 18:30 - 000431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-03-16 19:58 - 2018-02-12 18:30 - 000385888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2018-03-16 19:58 - 2018-02-12 18:30 - 000038232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-03-16 19:58 - 2018-02-12 18:29 - 004675384 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-03-16 19:58 - 2018-02-12 18:29 - 000534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-03-16 19:58 - 2018-02-12 18:29 - 000418944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-03-16 19:58 - 2018-02-12 18:29 - 000369360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-03-16 19:58 - 2018-02-12 18:29 - 000089920 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-03-16 19:58 - 2018-02-12 17:57 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Lockdown.dll
2018-03-16 19:58 - 2018-02-12 17:56 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2018-03-16 19:58 - 2018-02-12 17:52 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-03-16 19:58 - 2018-02-12 17:52 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2018-03-16 19:58 - 2018-02-12 17:52 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certenc.dll
2018-03-16 19:58 - 2018-02-12 17:51 - 005114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-16 19:58 - 2018-02-12 17:51 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-03-16 19:58 - 2018-02-12 17:50 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagperf.dll
2018-03-16 19:58 - 2018-02-12 17:48 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2018-03-16 19:58 - 2018-02-12 17:48 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2018-03-16 19:58 - 2018-02-12 17:48 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2018-03-16 19:58 - 2018-02-12 17:47 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-03-16 19:58 - 2018-02-12 17:43 - 001708032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-03-16 19:58 - 2018-02-12 17:43 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-03-16 19:58 - 2018-02-12 17:43 - 001021952 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-03-16 19:58 - 2018-02-10 00:54 - 000037720 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_0C_8086.dll
2018-03-16 19:58 - 2018-02-10 00:52 - 000376664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-03-16 19:58 - 2018-02-10 00:47 - 000688480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-03-16 19:58 - 2018-02-10 00:47 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2018-03-16 19:58 - 2018-02-10 00:47 - 000070288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-03-16 19:58 - 2018-02-10 00:09 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2018-03-16 19:58 - 2018-02-10 00:02 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2018-03-16 19:58 - 2018-01-11 03:05 - 000267048 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-03-16 19:58 - 2018-01-11 02:19 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2018-03-16 19:58 - 2018-01-11 02:18 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2018-03-16 19:58 - 2018-01-11 02:17 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2018-03-16 19:58 - 2018-01-01 01:22 - 000652344 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-03-16 19:58 - 2018-01-01 01:20 - 000020312 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhv1394.dll
2018-03-16 19:58 - 2018-01-01 00:50 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapAuthProxy.dll
2018-03-16 19:58 - 2018-01-01 00:49 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapPeerProxy.dll
2018-03-16 19:58 - 2018-01-01 00:48 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-03-16 19:58 - 2018-01-01 00:48 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-03-16 19:58 - 2018-01-01 00:48 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\container_xml.dll
2018-03-16 19:58 - 2018-01-01 00:48 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\efslsaext.dll
2018-03-16 19:58 - 2018-01-01 00:48 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2018-03-16 19:58 - 2018-01-01 00:48 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-03-16 19:58 - 2018-01-01 00:47 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-03-16 19:58 - 2018-01-01 00:47 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3dlg.dll
2018-03-16 19:58 - 2018-01-01 00:46 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-03-16 19:58 - 2018-01-01 00:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-03-16 19:58 - 2018-01-01 00:44 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2018-03-16 19:58 - 2018-01-01 00:43 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2018-03-16 19:58 - 2018-01-01 00:42 - 000590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-03-16 19:58 - 2018-01-01 00:42 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2018-03-16 19:58 - 2018-01-01 00:40 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-03-16 19:58 - 2018-01-01 00:40 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2018-03-16 19:58 - 2018-01-01 00:39 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-03-16 19:58 - 2018-01-01 00:36 - 000770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-03-16 19:57 - 2018-03-02 05:05 - 000705888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-16 19:57 - 2018-03-02 05:04 - 000764904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-03-16 19:57 - 2018-03-02 05:01 - 000948576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2018-03-16 19:57 - 2018-03-02 05:01 - 000022880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-16 19:57 - 2018-03-02 05:00 - 000178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2018-03-16 19:57 - 2018-03-02 04:59 - 001095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-16 19:57 - 2018-03-02 04:59 - 000987488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-16 19:57 - 2018-03-02 04:59 - 000812896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2018-03-16 19:57 - 2018-03-02 04:24 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-16 19:57 - 2018-03-02 04:22 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2018-03-16 19:57 - 2018-03-02 04:21 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2018-03-16 19:57 - 2018-03-02 04:21 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2018-03-16 19:57 - 2018-03-02 04:18 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2018-03-16 19:57 - 2018-03-02 04:11 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-03-16 19:57 - 2018-02-12 18:31 - 000714072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-16 19:57 - 2018-02-12 18:31 - 000146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-03-16 19:57 - 2018-02-12 18:30 - 000219480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-16 19:57 - 2018-02-12 18:29 - 000278360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-16 19:57 - 2018-02-12 17:57 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2018-03-16 19:57 - 2018-02-12 17:54 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2018-03-16 19:57 - 2018-02-12 17:53 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2018-03-16 19:57 - 2018-02-12 17:47 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2018-03-16 19:57 - 2018-02-10 00:13 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-16 19:57 - 2018-02-10 00:11 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2018-03-16 19:57 - 2018-01-11 03:20 - 000280408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-16 19:57 - 2018-01-11 03:06 - 000187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-16 19:57 - 2018-01-01 01:20 - 000079704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-03-16 19:57 - 2018-01-01 01:20 - 000031576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-03-16 19:57 - 2018-01-01 01:18 - 000456024 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-03-16 19:57 - 2018-01-01 01:18 - 000022224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2018-03-16 19:57 - 2018-01-01 01:18 - 000015056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-03-16 19:57 - 2018-01-01 01:11 - 000110936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-03-16 19:57 - 2018-01-01 01:11 - 000053080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2018-03-16 19:57 - 2018-01-01 00:50 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2018-03-16 19:57 - 2018-01-01 00:49 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-03-16 19:57 - 2018-01-01 00:49 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-03-16 19:57 - 2018-01-01 00:49 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-03-16 19:57 - 2018-01-01 00:48 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-03-16 19:57 - 2018-01-01 00:48 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2018-03-16 19:57 - 2018-01-01 00:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2018-03-16 19:57 - 2018-01-01 00:45 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-03-16 19:57 - 2018-01-01 00:45 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimeprovider.dll
2018-03-16 19:57 - 2018-01-01 00:43 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2018-03-16 19:57 - 2018-01-01 00:42 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-03-16 19:57 - 2018-01-01 00:41 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2018-03-16 19:57 - 2018-01-01 00:39 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2018-03-16 19:56 - 2018-01-11 02:10 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-03-16 19:53 - 2018-03-16 19:53 - 000000000 ____D C:\MSI61ff9.tmp
2018-03-16 19:52 - 2018-03-16 19:52 - 000000000 ____D C:\MSI61ff0.tmp
2018-03-15 21:18 - 2018-03-15 21:18 - 000141500 _____ C:\Users\samira\4matpagepre.txt
2018-03-14 23:45 - 2018-03-15 21:15 - 000142076 _____ C:\Users\samira\4MATPAGEUPDATTED3-14.txt
2018-03-14 23:45 - 2018-03-15 21:13 - 000142076 _____ C:\Users\samira\4MATPAGEUPDATTED3-14.HTML
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-11 12:58 - 2017-05-20 23:57 - 000030865 _____ C:\Users\samira\Desktop\FRST.txt
2018-04-11 12:52 - 2016-09-27 00:19 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2018-04-11 12:52 - 2016-09-27 00:19 - 000001908 _____ C:\WINDOWS\diagerr.xml
2018-04-11 12:43 - 2018-01-20 17:29 - 000000000 ___HD C:\$GetCurrent
2018-04-11 12:42 - 2018-01-20 17:27 - 000000000 ____D C:\Windows10Upgrade
2018-04-11 12:40 - 2015-12-27 13:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-11 12:38 - 2017-05-06 20:18 - 000000000 ____D C:\Users\samira\AppData\Local\ntuserlitelist
2018-04-11 12:36 - 2015-12-27 20:42 - 000000000 ____D C:\Users\samira\AppData\Roaming\Skype
2018-04-11 12:32 - 2016-09-27 00:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-11 12:31 - 2016-09-26 23:35 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-04-11 12:31 - 2016-07-16 02:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-04-11 12:30 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-11 08:00 - 2016-09-26 23:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-11 05:06 - 2017-10-11 19:45 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-11 05:05 - 2015-12-27 13:04 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-11 01:01 - 2017-05-23 17:00 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-04-11 00:59 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
2018-04-11 00:48 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-11 00:48 - 2015-07-28 13:38 - 007743653 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2018-04-11 00:27 - 2017-05-13 13:29 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-11 00:27 - 2016-02-13 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2018-04-11 00:27 - 2016-01-25 10:24 - 000001055 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2018-04-10 17:09 - 2017-05-23 16:59 - 000000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-04-10 17:09 - 2017-05-23 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-10 17:09 - 2017-05-23 16:59 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-10 15:52 - 2018-01-20 17:27 - 000000818 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-04-10 15:51 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-09 19:04 - 2017-05-21 21:00 - 000000000 ____D C:\WINDOWS\pss
2018-04-09 19:03 - 2017-05-21 21:03 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-04-08 19:46 - 2015-07-28 13:52 - 000000000 ____D C:\ProgramData\Temp
2018-04-08 16:21 - 2017-05-23 17:00 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-08 15:57 - 2016-09-26 23:41 - 000000000 ____D C:\Users\samira
2018-04-07 23:41 - 2017-05-27 20:17 - 000000000 ____D C:\Users\samira\AppData\Local\CrashDumps
2018-04-06 19:28 - 2017-05-27 17:25 - 000001285 _____ C:\Users\samira\Desktop\My DAP Downloads.lnk
2018-04-06 18:36 - 2016-09-26 23:40 - 002050412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-05 15:36 - 2017-05-13 11:47 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2018-04-05 15:24 - 2016-03-25 22:54 - 000000000 ____D C:\Users\samira\Desktop\josh music
2018-04-03 20:31 - 2017-05-20 23:56 - 000000000 ____D C:\FRST
2018-04-03 20:30 - 2017-05-21 00:03 - 000054988 _____ C:\Users\samira\Desktop\Addition.txt
2018-04-03 19:52 - 2017-11-04 13:50 - 000000000 ____D C:\Users\samira\AppData\Local\IIIQF
2018-04-03 19:24 - 2015-07-28 13:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-03 19:18 - 2016-09-26 23:31 - 000384992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-03 19:14 - 2016-07-16 07:47 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-03 19:13 - 2016-07-16 07:47 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-03 19:13 - 2016-07-16 07:47 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-04-03 19:13 - 2016-07-16 07:47 - 000000000 ___RD C:\WINDOWS\MiracastView
2018-04-03 19:13 - 2016-07-16 07:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-04-03 19:13 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-04-03 19:13 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-04-03 19:13 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-04-03 19:13 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-04-03 19:13 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-04-03 19:13 - 2016-07-16 07:47 - 000000000 ____D C:\PerfLogs
2018-04-02 22:06 - 2015-12-26 13:05 - 000000000 ____D C:\Users\samira\Documents\My PSP Files
2018-04-02 20:27 - 2016-07-16 07:49 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-02 20:27 - 2016-07-16 07:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-02 19:50 - 2017-06-12 20:58 - 000000000 ____D C:\Users\samira\Desktop\tinapics
2018-03-31 21:33 - 2016-03-05 23:07 - 000000000 ____D C:\Users\samira\Documents\CyberLink
2018-03-30 19:29 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-30 16:02 - 2016-12-19 10:32 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-30 16:02 - 2015-07-28 12:59 - 000414716 ____N C:\WINDOWS\Minidump\033018-40906-01.dmp
2018-03-28 04:33 - 2017-07-17 21:03 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4187541878-1249685236-2864717600-1001
2018-03-28 04:33 - 2015-12-25 20:28 - 000002381 _____ C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-28 04:33 - 2015-12-25 20:28 - 000000000 ___RD C:\Users\samira\OneDrive
2018-03-27 18:36 - 2017-09-28 21:49 - 000000000 ____D C:\Program Files\rempl
2018-03-24 16:49 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-24 16:49 - 2015-07-28 12:59 - 000401076 ____N C:\WINDOWS\Minidump\032418-75796-01.dmp
2018-03-24 01:07 - 2017-03-24 15:04 - 000000000 ____D C:\Users\samira\Desktop\jfd
2018-03-24 01:07 - 2015-12-26 13:23 - 000000000 ____D C:\Users\samira\easter
2018-03-22 21:00 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-20 21:21 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\rescache
2018-03-17 17:44 - 2017-09-04 15:41 - 000000000 ____D C:\Users\samira\archived mp
2018-03-13 18:36 - 2015-12-26 13:23 - 000000000 ____D C:\Users\samira\pb new
 
==================== Files in the root of some directories =======
 
2017-09-26 14:32 - 2017-09-26 14:43 - 161567408 _____ (Kaspersky Lab) C:\Users\samira\kfa18.0.0.405aben_es_fr_12643.exe
2018-03-08 17:43 - 2018-03-08 17:44 - 031425176 _____ (Addin Technology Inc.                                       ) C:\Users\samira\KutoolsforExcelSetup.exe
2018-03-10 19:48 - 2018-03-10 19:49 - 082088248 _____ (Pearson                                                     ) C:\Users\samira\testnav-1.6.5.exe
2017-04-13 14:34 - 2017-04-13 14:34 - 007639040 _____ () C:\Program Files (x86)\GUTE0EA.tmp
2017-01-04 22:55 - 2017-01-04 22:55 - 000140288 _____ () C:\Users\samira\AppData\Roaming\Installer.dat
2017-05-18 16:37 - 2017-05-23 18:51 - 000000115 _____ () C:\Users\samira\AppData\Roaming\LogFile.txt
2016-04-30 14:24 - 2016-05-04 16:24 - 000000101 _____ () C:\Users\samira\AppData\Roaming\WB.CFG
 
Files to move or delete:
====================
C:\Users\samira\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
 
 
Some files in TEMP:
====================
2018-04-08 16:20 - 2017-09-07 02:03 - 001887408 _____ (Microsoft Corporation) C:\Users\samira\AppData\Local\Temp\dllnt_dump.dll
2018-04-05 21:56 - 2018-04-05 22:08 - 018309328 _____ (Microsoft Corporation) C:\Users\samira\AppData\Local\Temp\MediaCreationTool.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\ndistpr64.sys -> Access Denied <======= ATTENTION
 
BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
 
LastRegBack: 2018-04-11 06:39
 
==================== End of FRST.txt ============================
 
 
 
 
 

Attached Files



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,218 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:12 PM

Posted 11 April 2018 - 02:45 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)

The computer is infected with the SmartService Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds]Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created. Both files can be found in the extracted MBAR folder on your Desktop.

Please attach both files in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 iverson3ai1

iverson3ai1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 13 April 2018 - 04:02 PM

Hi, 

 

Sorry for the delay in response. The scan is taking an long time after 8 hours it's still scanning and sometimes says not responding is this normal?

 

I might start the scan again and let it just sit most of the day and see what happens if it;s okay it might be like a day or two until I respond but i just wanted to give you an update. if I can get the scan to complete.  I see in step 7 after i complete the initial scan and reboot if nessecary that it says this Malwarebytes functionality should be restored. You must run a Malwarebytes custom scan with rootkit on so any remaining detections are removed. Do i need to run another scan before i sent you the logs? 

 

Thanks,

 

Samira

 

 



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,218 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:12 PM

Posted 13 April 2018 - 05:08 PM

Lets use another approach:

 

You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool in an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. In your case is FRST64.exe

Please also download the attached file Attached File  Fixlist.txt   934bytes   2 downloads and save it in the same location the FRST64 is saved in the flash drive.

Boot to the Recovery Console's Command prompt in the infected computer.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums
After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button. That will deactivate the rootkit, once the scan is finished, press the Fix button.
  • These actions will make two logs, a Fixlog.txt and a FRST.txt logs in the flash drive. Please copy and paste them in your reply.

Once finished in the Recovery Environment, restart the computer in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. In your case is FRST64.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,218 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:12 PM

Posted 15 April 2018 - 02:38 PM

Any progress?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 iverson3ai1

iverson3ai1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 16 April 2018 - 04:24 PM

Hi Sorry. 

 

I dont have another computer and tired at work today to put it on the flash drive but couldnt. I am going to try another computer tomorrow at work as i was extremely busy today.  but to be honest on of my other flash drives i have tired booting from it to run  kapersey disk rescue disk and a lot of those boot options didnt work. 

 

Sorry for the delay i have been extremely busy this weekend. 

 

Fyi for malware rootkit it does show at least 4,425 infected files. is it possible the slowness is because of updates and my computer wanting me to update to the new windows 10

 

i have tired reformatting it wont let me. 

 

i also do have trojan remover on my laptop should i delete it?


Edited by iverson3ai1, 16 April 2018 - 04:30 PM.


#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,218 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:12 PM

Posted 16 April 2018 - 04:48 PM

FRST already fix an area that will be helpful to reach the Recovery Environment.

 

BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully

 

 

The rootkit will not allow you to perform certain tasks. It is like a Security Program to protect malware. You must remove the rootkit first. The above is the right alternative.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 iverson3ai1

iverson3ai1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 18 April 2018 - 07:08 PM

For some reason I can't get into recovery enviroment but I can boot my computer in safe mode. i have tired options 1 2 6 and  7.

 

 

I am not even sure how I can get into boot option if it's through settings then recovery and update than it won't have i tired it multiple times before today.

 

i am not sure if it;s because of updates. 



#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,218 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:12 PM

Posted 18 April 2018 - 07:47 PM

Try this batch file. Attached File  boot_into_RE_2.zip   1.26KB   1 downloads

Extract its contents to the desktop, then right click on it and select "Run as Administrator". Follow the prompts.

There is a Black out in the island will come back tomorrow.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 iverson3ai1

iverson3ai1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 19 April 2018 - 07:31 PM

attached are my logs. 

 

i also want to know since now i can boot into recovery mode would it be best for me to reformat my laptop. i do have everything backed up.

 

Thank you for all of your help 

Attached Files



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,218 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:12 PM

Posted 19 April 2018 - 09:54 PM

It is up to you. You did not, however, run the Fixlist as suggested,  consequently the rootkit still present. I don't know if having this rootkit present may affect a reinstall.

 

Save the Fixlist.txt to a USB drive next to FRST, then open FRST in the Recovery Environment and click on the Fix button. If successful, you may then attempt to reformat and reinstall.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 iverson3ai1

iverson3ai1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 20 April 2018 - 09:29 PM

I am sorry when i printed out the directions it didnt show run fix. attached are my new logs. i checked and my ccleaner does open now. i have yet to check any other programs. 

 

Please let me know what I should do next and if my computer is clean. I do know eventually I will need to do the windows 10 update and my believe because of the rootkit it wouldnt let me do it. 

 

Thank you for all of your help 

Attached Files



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,218 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:12 PM

Posted 20 April 2018 - 11:53 PM

  • Highlight the entire content of the quote box below.

Start::
HKLM-x32\...\Run: [cpx] => "C:\Users\samira\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\samira\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914432 2017-09-18] () <==== ATTENTION
R2 Dataup; C:\Users\samira\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\samira\AppData\Local\gsbgiw\ct.exe [X] <==== ATTENTION
R5 drmkpro64; <==== ATTENTION: Locked Service <==== ATTENTION
C:\WINDOWS\system32\drivers\ndistpr64.sys
Task: {45764896-6E66-42C7-B067-FEBF3937E650} - \IntegrationManager -> No File <==== ATTENTION
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll => No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
Task: {45764896-6E66-42C7-B067-FEBF3937E650} - \IntegrationManager -> No File <==== ATTENTION
Shortcut: C:\Users\samira\bm ppt\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\?hr?m? ?pp L?un?h?r.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Y?utub? Vid?? D?wnl??d?r.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
2018-04-19 19:27 - 2016-11-11 05:26 - 000034816 _____ (Microsoft Corporation) C:\Users\samira\AppData\Local\Temp\3891.exe
2018-04-19 19:40 - 2016-11-11 05:26 - 000034816 _____ (Microsoft Corporation) C:\Users\samira\AppData\Local\Temp\6504.exe
2018-04-08 16:20 - 2017-09-07 02:03 - 001887408 _____ (Microsoft Corporation) C:\Users\samira\AppData\Local\Temp\dllnt_dump.dll
2018-04-13 02:45 - 2018-04-13 02:45 - 000000000 ____D C:\MSI7fa9e.tmp
2018-04-13 02:42 - 2018-04-13 02:42 - 000000000 ____D C:\MSI7fa95.tmp
2018-04-05 16:15 - 2018-04-05 16:15 - 000000000 ____D C:\MSI17517.tmp
2018-04-05 16:10 - 2018-04-05 16:10 - 000000000 ____D C:\MSI17513.tmp
2018-04-05 15:56 - 2018-04-05 15:56 - 000000000 ____D C:\MSI45600.tmp
2018-04-05 15:55 - 2018-04-05 15:55 - 000000000 ____D C:\MSI41379.tmp
2018-03-30 18:51 - 2018-03-30 18:51 - 000000000 ____D C:\MSIa9cf0.tmp
2018-03-30 18:50 - 2018-03-30 18:50 - 000000000 ____D C:\MSIa9cef.tmp
2018-03-27 18:36 - 2018-03-27 18:36 - 000000000 ____D C:\MSI52582.tmp
2018-03-27 18:35 - 2018-03-27 18:35 - 000000000 ____D C:\MSI52579.tmp
2018-03-24 01:10 - 2018-03-24 01:10 - 000008210 _____ C:\Users\samira\Downloads\5D42.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000014730 _____ C:\Users\samira\Downloads\343A.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000007361 _____ C:\Users\samira\Downloads\3B17.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006649 _____ C:\Users\samira\Downloads\40B9.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006385 _____ C:\Users\samira\Downloads\487D.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006214 _____ C:\Users\samira\Downloads\3EB4.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006177 _____ C:\Users\samira\Downloads\4782.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000004785 _____ C:\Users\samira\Downloads\3A99.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000004496 _____ C:\Users\samira\Downloads\4A73.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000003507 _____ C:\Users\samira\Downloads\3D6B.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000003287 _____ C:\Users\samira\Downloads\32F0.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002506 _____ C:\Users\samira\Downloads\4A14.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002428 _____ C:\Users\samira\Downloads\395F.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002155 _____ C:\Users\samira\Downloads\3F61.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002068 _____ C:\Users\samira\Downloads\4C4A.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001939 _____ C:\Users\samira\Downloads\3506.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001900 _____ C:\Users\samira\Downloads\4BCC.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001850 _____ C:\Users\samira\Downloads\4733.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001658 _____ C:\Users\samira\Downloads\3C60.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001631 _____ C:\Users\samira\Downloads\369E.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001352 _____ C:\Users\samira\Downloads\375B.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001301 _____ C:\Users\samira\Downloads\35E2.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000000555 _____ C:\Users\samira\Downloads\335E.tmp
2017-04-13 14:34 - 2017-04-13 14:34 - 007639040 _____ () C:\Program Files (x86)\GUTE0EA.tmp
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\?hr?m? ?pp L?un?h?r.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Y?utub? Vid?? D?wnl??d?r.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
ShortcutWithArgument: C:\Users\samira\Desktop\tinapics\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKBGjchx1sXu%2BaKTeJwQFrH9vzxHFxJ0WZTDdHvKSp%2F%2B4tg5JZhf%2F3gJTYHDOdyBc%3D
ShortcutWithArgument: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Flickr Downloadr.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fpmonoglnknhfnfgeopdjmhpilpejedj
ShortcutWithArgument: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Simple Image Viewer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nigbplciepfdgfkgcglbkfieeopfjdil
ShortcutWithArgument: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\SmugMugBrowser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=njogfnamclfbaahhgpnamofgdjohbika
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    5ace519a6ff4a_Dashboard-firstrun.png.567
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

favicon-32x32.png Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program.
  • Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

02-malwarebytes-premium-scan-methods.jpg

  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.
 
RQKuhw1.pngRogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 iverson3ai1

iverson3ai1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 21 April 2018 - 05:18 PM

Hi.  here are the results from my scan. also doing this process somehow my google chrome history got deleted is that normal? I also believe my chrome needs to be updated is it okay for me update it?

 

Fixlog results

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by samira (21-04-2018 10:40:54) Run:2
Running from C:\Users\samira\Desktop\FRST-OlderVersion
Loaded Profiles: samira (Available Profiles: samira)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [cpx] => "C:\Users\samira\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\samira\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [914432 2017-09-18] () <==== ATTENTION
R2 Dataup; C:\Users\samira\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\samira\AppData\Local\gsbgiw\ct.exe [X] <==== ATTENTION
R5 drmkpro64; <==== ATTENTION: Locked Service <==== ATTENTION
C:\WINDOWS\system32\drivers\ndistpr64.sys
Task: {45764896-6E66-42C7-B067-FEBF3937E650} - \IntegrationManager -> No File <==== ATTENTION
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll => No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
Task: {45764896-6E66-42C7-B067-FEBF3937E650} - \IntegrationManager -> No File <==== ATTENTION
Shortcut: C:\Users\samira\bm ppt\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\?hr?m? ?pp L?un?h?r.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Y?utub? Vid?? D?wnl??d?r.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
2018-04-19 19:27 - 2016-11-11 05:26 - 000034816 _____ (Microsoft Corporation) C:\Users\samira\AppData\Local\Temp\3891.exe
2018-04-19 19:40 - 2016-11-11 05:26 - 000034816 _____ (Microsoft Corporation) C:\Users\samira\AppData\Local\Temp\6504.exe
2018-04-08 16:20 - 2017-09-07 02:03 - 001887408 _____ (Microsoft Corporation) C:\Users\samira\AppData\Local\Temp\dllnt_dump.dll
2018-04-13 02:45 - 2018-04-13 02:45 - 000000000 ____D C:\MSI7fa9e.tmp
2018-04-13 02:42 - 2018-04-13 02:42 - 000000000 ____D C:\MSI7fa95.tmp
2018-04-05 16:15 - 2018-04-05 16:15 - 000000000 ____D C:\MSI17517.tmp
2018-04-05 16:10 - 2018-04-05 16:10 - 000000000 ____D C:\MSI17513.tmp
2018-04-05 15:56 - 2018-04-05 15:56 - 000000000 ____D C:\MSI45600.tmp
2018-04-05 15:55 - 2018-04-05 15:55 - 000000000 ____D C:\MSI41379.tmp
2018-03-30 18:51 - 2018-03-30 18:51 - 000000000 ____D C:\MSIa9cf0.tmp
2018-03-30 18:50 - 2018-03-30 18:50 - 000000000 ____D C:\MSIa9cef.tmp
2018-03-27 18:36 - 2018-03-27 18:36 - 000000000 ____D C:\MSI52582.tmp
2018-03-27 18:35 - 2018-03-27 18:35 - 000000000 ____D C:\MSI52579.tmp
2018-03-24 01:10 - 2018-03-24 01:10 - 000008210 _____ C:\Users\samira\Downloads\5D42.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000014730 _____ C:\Users\samira\Downloads\343A.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000007361 _____ C:\Users\samira\Downloads\3B17.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006649 _____ C:\Users\samira\Downloads\40B9.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006385 _____ C:\Users\samira\Downloads\487D.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006214 _____ C:\Users\samira\Downloads\3EB4.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000006177 _____ C:\Users\samira\Downloads\4782.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000004785 _____ C:\Users\samira\Downloads\3A99.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000004496 _____ C:\Users\samira\Downloads\4A73.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000003507 _____ C:\Users\samira\Downloads\3D6B.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000003287 _____ C:\Users\samira\Downloads\32F0.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002506 _____ C:\Users\samira\Downloads\4A14.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002428 _____ C:\Users\samira\Downloads\395F.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002155 _____ C:\Users\samira\Downloads\3F61.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000002068 _____ C:\Users\samira\Downloads\4C4A.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001939 _____ C:\Users\samira\Downloads\3506.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001900 _____ C:\Users\samira\Downloads\4BCC.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001850 _____ C:\Users\samira\Downloads\4733.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001658 _____ C:\Users\samira\Downloads\3C60.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001631 _____ C:\Users\samira\Downloads\369E.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001352 _____ C:\Users\samira\Downloads\375B.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000001301 _____ C:\Users\samira\Downloads\35E2.tmp
2018-03-24 00:32 - 2018-03-24 00:32 - 000000555 _____ C:\Users\samira\Downloads\335E.tmp
2017-04-13 14:34 - 2017-04-13 14:34 - 007639040 _____ () C:\Program Files (x86)\GUTE0EA.tmp
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\?hr?m? ?pp L?un?h?r.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Y?utub? Vid?? D?wnl??d?r.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
ShortcutWithArgument: C:\Users\samira\Desktop\tinapics\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKBGjchx1sXu%2BaKTeJwQFrH9vzxHFxJ0WZTDdHvKSp%2F%2B4tg5JZhf%2F3gJTYHDOdyBc%3D
ShortcutWithArgument: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Flickr Downloadr.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fpmonoglnknhfnfgeopdjmhpilpejedj
ShortcutWithArgument: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Simple Image Viewer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nigbplciepfdgfkgcglbkfieeopfjdil
ShortcutWithArgument: C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\SmugMugBrowser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=njogfnamclfbaahhgpnamofgdjohbika
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx" => not found
"HKLM\System\CurrentControlSet\Services\Dataup" => removed successfully
Dataup => service removed successfully
windowsmanagementservice => service not found.
drmkpro64 => service not found.
"C:\WINDOWS\system32\drivers\ndistpr64.sys" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45764896-6E66-42C7-B067-FEBF3937E650}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45764896-6E66-42C7-B067-FEBF3937E650}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntegrationManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BtSendToMenuEx" => removed successfully
HKLM\Software\Classes\CLSID\{CF24E6B8-F148-4BCB-9108-ADF313966E80} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45764896-6E66-42C7-B067-FEBF3937E650} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntegrationManager => could not remove. Access Denied.
"C:\Users\samira\bm ppt\Int?rn?t ??pl?r?r.lnk" => Could not move.
"C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\?hr?m? ?pp L?un?h?r.lnk" => Could not move.
"C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Y?utub? Vid?? D?wnl??d?r.lnk" => Could not move.
"C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk" => Could not move.
C:\Users\samira\AppData\Local\Temp\3891.exe => moved successfully
C:\Users\samira\AppData\Local\Temp\6504.exe => moved successfully
C:\Users\samira\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\MSI7fa9e.tmp => moved successfully
C:\MSI7fa95.tmp => moved successfully
C:\MSI17517.tmp => moved successfully
C:\MSI17513.tmp => moved successfully
C:\MSI45600.tmp => moved successfully
C:\MSI41379.tmp => moved successfully
C:\MSIa9cf0.tmp => moved successfully
C:\MSIa9cef.tmp => moved successfully
C:\MSI52582.tmp => moved successfully
C:\MSI52579.tmp => moved successfully
"C:\Users\samira\Downloads\5D42.tmp" => not found
"C:\Users\samira\Downloads\343A.tmp" => not found
"C:\Users\samira\Downloads\3B17.tmp" => not found
"C:\Users\samira\Downloads\40B9.tmp" => not found
"C:\Users\samira\Downloads\487D.tmp" => not found
"C:\Users\samira\Downloads\3EB4.tmp" => not found
"C:\Users\samira\Downloads\4782.tmp" => not found
"C:\Users\samira\Downloads\3A99.tmp" => not found
"C:\Users\samira\Downloads\4A73.tmp" => not found
"C:\Users\samira\Downloads\3D6B.tmp" => not found
"C:\Users\samira\Downloads\32F0.tmp" => not found
"C:\Users\samira\Downloads\4A14.tmp" => not found
"C:\Users\samira\Downloads\395F.tmp" => not found
"C:\Users\samira\Downloads\3F61.tmp" => not found
"C:\Users\samira\Downloads\4C4A.tmp" => not found
"C:\Users\samira\Downloads\3506.tmp" => not found
"C:\Users\samira\Downloads\4BCC.tmp" => not found
"C:\Users\samira\Downloads\4733.tmp" => not found
"C:\Users\samira\Downloads\3C60.tmp" => not found
"C:\Users\samira\Downloads\369E.tmp" => not found
"C:\Users\samira\Downloads\375B.tmp" => not found
"C:\Users\samira\Downloads\35E2.tmp" => not found
"C:\Users\samira\Downloads\335E.tmp" => not found
C:\Program Files (x86)\GUTE0EA.tmp => moved successfully
"C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\?hr?m? ?pp L?un?h?r.lnk" => Could not move.
"C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Y?utub? Vid?? D?wnl??d?r.lnk" => Could not move.
"C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\samira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk" => Could not move.
C:\Users\samira\Desktop\tinapics\Google Chrome.lnk => Shortcut argument removed successfully
C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Flickr Downloadr.lnk => Shortcut argument removed successfully
C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Simple Image Viewer.lnk => Shortcut argument removed successfully
C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\SmugMugBrowser.lnk => Shortcut argument removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {07383AB3-9A95-4B0C-95A3-EEE964479E7C}.
Unable to cancel {F2293790-58FF-465D-99CD-1B0BAA479130}.
Unable to cancel {29D69168-223D-4FF7-95CD-9FAEE9947746}.
Unable to cancel {2AE40555-86D3-48FA-870B-ACA1F15FFDDF}.
Unable to cancel {294052FC-14E8-4937-987D-7394595D5B30}.
Unable to cancel {CF8A9374-3B7A-492E-A0B5-A2F5D0580650}.
Unable to cancel {F36E84E2-27AC-4E12-B60D-A00B3E02958D}.
Unable to cancel {00F7FCBA-5A86-44F0-9120-39604B51B440}.
Unable to cancel {6C7BEFAF-B29C-4F27-897D-11BE9BB7C637}.
Unable to cancel {631BA126-4D2C-4629-BAB3-70B6593B9DF9}.
{2B5C1655-14CB-45C6-827E-7632698A511D} canceled.
Unable to cancel {62101133-23D4-44F9-97F8-F0A3DD7D5430}.
Unable to cancel {BA76DCF1-ED0C-465D-81CF-A92EE8A26D18}.
Unable to cancel {2A46AA20-3183-4522-90BB-E8CCEBF80AFC}.
Unable to cancel {199C44D7-D259-45D2-BA6B-A00ECBA88BD7}.
Unable to cancel {3DA7D71C-4E09-487E-A4F9-903C76782693}.
1 out of 16 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 69703 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 145669416 B
Java, Flash, Steam htmlcache => 4264 B
Windows/system/drivers => 135279572 B
Edge => 6791120 B
Chrome => 80979888 B
Firefox => 20837580 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 44282 B
NetworkService => 222185244 B
samira => 159869382 B
 
RecycleBin => 2619552 B
EmptyTemp: => 738.5 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-04-2018 10:51:15)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntegrationManager => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45764896-6E66-42C7-B067-FEBF3937E650} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntegrationManager => could not remove. Access Denied.
 
==== End of Fixlog 10:51:20 ====
 
 
adware cleaner log
# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-19.1
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-21-2018
# Duration: 00:04:57
# OS:       Windows 10 Home
# Cleaned:  52
# Failed:   0
 
 
***** [ Services ] *****
 
Deleted       YahooAUService
 
***** [ Folders ] *****
 
Deleted       C:\Windows\System32\config\systemprofile\AppData\Local\ntuserlitelist
Deleted       C:\Users\Public\Desktop\..\App Explorer
Deleted       C:\Users\samira\Xmas
Deleted       C:\Users\Public\Pokki
Deleted       C:\Users\samira\AppData\LocalLow\Speedbit
Deleted       C:\Windows\System32\sstmp
Deleted       C:\Windows\Syswow64\sstmp
Deleted       C:\uninst
Deleted       C:\Program Files (x86)\SecurityXploded
Deleted       C:\Users\samira\AppData\Local\llssoft
 
***** [ Files ] *****
 
Deleted       C:\TOSTACK
Deleted       C:\Windows\System32\Tasks_Migrated\App Explorer
Deleted       C:\Users\samira\AppData\Roaming\Installer.dat
Deleted       C:\Users\samira\Documents\SpyHunter-Installer.exe
Deleted       C:\Users\samira\Downloads\SpyHunter-Installer.exe
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted       HKLM\Software\Wow6432Node\mbs_install
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{80107F16-CB2E-42AB-AB9D-6C11540D5A8B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4187541878-1249685236-2864717600-1001\Software\SpeedBit
Deleted       HKLM\SOFTWARE\Classes\Applications\Setup_WinThruster_2016.exe
Deleted       HKLM\SOFTWARE\Classes\Applications\WinThrusterSetup.exe
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext|DisableAddonLoadTimePerformanceNotifications
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext|DisableAddonLoadTimePerformanceNotifications
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted       HKLM\Software\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted       HKLM\Software\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Deleted       HKLM\Software\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Deleted       HKLM\Software\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Deleted       HKLM\Software\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Deleted       HKLM\Software\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchUrl|Default
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\Dataup
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       Search Manager
 
***** [ Chromium URLs ] *****
 
Deleted       Web
Deleted       FindWide
Deleted       Ask Search
Deleted       Ask
Deleted       AVG Secure Search
Deleted       AOL
Deleted       Softonic EN
Deleted       Softonic EN
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
 
malware log
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/21/18
Scan Time: 11:37 AM
Log File: df3b6428-4579-11e8-8110-2c600cb4d6c5.json
Administrator: Yes
 
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4514
License: Trial
 
-System Information-
OS: Windows 10 (Build 14393.2189)
CPU: x64
File System: NTFS
User: LAPTOP-PNLQ6NVK\samira
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 432809
Threats Detected: 25
Threats Quarantined: 25
Time Elapsed: 56 min, 5 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 3
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [6569], [425124],1.0.4514
PUP.Optional.SafeSearch.ChrPRST, HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gdfjhiclilbjdpeejgcgebmmihkkofji, Quarantined, [307], [450495],1.0.4514
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\CONSOLE\TASKENG.EXE, Quarantined, [6569], [425125],1.0.4514
 
Registry Value: 3
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [6569], [425126],1.0.4514
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [6569], [425124],1.0.4514
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-4187541878-1249685236-2864717600-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [6569], [425125],1.0.4514
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 1
Adware.ConvertAd.Generic, C:\PROGRAM FILES (X86)\49169d39-dbc8-4901-901c-2406bc6774121483584891, Quarantined, [821], [385005],1.0.4514
 
File: 18
Adware.ConvertAd.Generic, C:\PROGRAM FILES (X86)\49169d39-dbc8-4901-901c-2406bc6774121483584891\kns49169d39-dbc8-4901-901c-2406bc677412.tmpfs, Quarantined, [821], [385005],1.0.4514
PUP.Optional.SafeSearch.ChrPRST, C:\USERS\SAMIRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [307], [450495],1.0.4514
PUP.Optional.SafeSearch.ChrPRST, C:\USERS\SAMIRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [307], [450495],1.0.4514
PUP.Optional.SafeSearch.ChrPRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [307], [-1],0.0.0
PUP.Optional.SafeSearch.ChrPRST, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [307], [-1],0.0.0
Rootkit.Agent.PUA, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\NDISTPR64.SYS-K.MBAM, Delete-on-Reboot, [381], [384893],1.0.4514
Trojan.Agent, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\3B8F39FA6E1A6931.VIR, Delete-on-Reboot, [380], [451214],1.0.4514
Trojan.Agent, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\61A84CA9A3B5F38B.VIR, Quarantined, [380], [451214],1.0.4514
Adware.Yelloader, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\1C2C0A71A1922E40.VIR, Delete-on-Reboot, [2499], [431046],1.0.4514
Trojan.Agent, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\847C3E2652D330AC.VIR, Delete-on-Reboot, [380], [432061],1.0.4514
Adware.PCHealthBoost, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\305CD03A96E73825.VIR, Quarantined, [15011], [472289],1.0.4514
Adware.Yelloader, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\66C2F76CFDEDE2A7.VIR, Quarantined, [2499], [377106],1.0.4514
Adware.Yelloader, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\77171C53084A15F0.VIR, Quarantined, [2499], [377106],1.0.4514
Adware.Yelloader, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\EB2098D850AA089C.VIR, Delete-on-Reboot, [2499], [431046],1.0.4514
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\OOSPERMOGRENI\OOSPERMOGRENI.EXE, Quarantined, [0], [392686],1.0.4514
PUP.Optional.InstallCore, C:\USERS\SAMIRA\DOWNLOADS\POWERISO-64-FULLACTIVATED.ACE, Quarantined, [385], [80770],1.0.4514
PUP.Optional.Plumbytes, C:\USERS\SAMIRA\DOWNLOADS\ANTIMALWARESETUP.EXE, Quarantined, [3536], [123575],1.0.4514
Adware.Yelloader, C:\USERS\SAMIRA\APPDATA\LOCAL\YGLOG\RZPEKF, Delete-on-Reboot, [2499], [404612],1.0.4514
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
 
rogue killer
RogueKiller V12.12.13.0 (x64) [Apr 16 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : samira [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 04/21/2018 13:07:50 (Duration : 04:34:19)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted
[PUP.Gen0][Chrome:Addon] Default : Video Downloader professional [elicpjhcidhpjomhibiffojpinpmmpil] -> ERROR [2]
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 475857 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 975124480 | Size: 805 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
 

 

 

Attached Files



#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,218 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:12 PM

Posted 21 April 2018 - 06:33 PM

That was a good cleanup. How is the computer doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users