Unauthorized but not flagged account access - Malware?


15 replies to this topic

#1 iker42

Posted 28 May 2018 - 11:14 AM

I've had issues with someone accessing my Google account from a VPN IP (UK, New York City) without triggering any of Google's security flags, including 2FA. Now this morning they accessed my PayPal without any security flags and they had the ability to change my account password. This leads me to believe that that PC has been infected with malware that MWB cannot detect. I've run a number of scans and now I'm turning to you.

 

Here are my FRST logs. Thank you for your time and assistance. 

 

FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by MikeA (administrator) on MIS3 (28-05-2018 11:56:39)
Running from C:\Users\mikea\Downloads
Loaded Profiles: MikeA (Available Profiles: auxadmin & MikeA & admin)
Platform: Windows 10 Pro Version 1803 17134.81 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igfxCUIService.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\IntelCpHDCPSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(OSBASE) C:\Windows\System32\ddmgr.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\IntelCpHeciSvc.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1111\DSAPI.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1111\Phobos.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Cisco Systems, Inc) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe
(Brio) C:\Program Files\FolderSize\FolderSize.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(WebEx) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\x64\wbxcOIEx64.exe
(Nenad Hrg SoftwareOK) C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopOK_x64.exe
(Sennheiser Communications) C:\Program Files (x86)\Sennheiser\SoftphoneSDK\SecomSDK.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Duet, Inc.) C:\Program Files\Kairos\Duet Display\duet.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_desktop.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8830744 2016-11-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1437976 2016-11-02] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-08-18] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Greenshot)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [724400 2016-07-24] (Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [132856 2017-05-18] (Intel)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1176208 2017-11-09] (Intel Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112104 2018-01-08] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\Run: [Duet Display] => C:\Program Files\Kairos\Duet Display\duet.exe [2106360 2018-03-13] (Duet, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\Run: [Cisco Jabber] => C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe [169560 2017-09-25] (Cisco Systems, Inc)
HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-13] (Brio)
HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\Policies\Explorer: [ConfirmFileDelete] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2017-07-31]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopOK_x64.exe [2017-04-19] (Nenad Hrg SoftwareOK)
Startup: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2016.lnk [2018-05-04]
ShortcutTarget: Outlook 2016.lnk -> C:\Windows\Installer\{90160000-0012-0000-1000-0000000FF1CE}\outicon.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1    vmware-localhost
Tcpip\..\Interfaces\{a0ccaad0-beeb-4052-b561-23ae6d26a64a}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{e324d560-50f6-4fbd-9892-25b85f20eb19}: [NameServer] 10.0.0.7,10.0.0.8
 
Internet Explorer:
==================
HKU\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-f8f2a690
HKU\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\S-1-5-21-166812146-971143260-1179000955-2659 -> {68C824D4-0B0F-4F9B-B202-C88733E02A69} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2018-05-16] (EJIE Technology)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-30] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-30] (Oracle Corporation)
BHO-x32: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper32.dll [2018-05-16] (EJIE Technology)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
 
Edge: 
======
Edge Extension: (AutoFormFill) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [2018-04-11]
Edge Extension: (LearningTools) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [2018-04-11]
 
FireFox:
========
FF DefaultProfile: cisco.default
FF ProfilePath: C:\Users\mikea\AppData\Roaming\Mozilla\Firefox\Profiles\cisco.default [2018-05-24]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-01-23] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-20] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2014-10-30] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-166812146-971143260-1179000955-2659: @citrixonline.com/appdetectorplugin -> C:\Users\mikea\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-29] (Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default [2018-05-28]
CHR Extension: (SQLite Viewer with Google Drive) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaeojgplhedihcdhfcgodiepddeecepl [2017-11-20]
CHR Extension: (cPanel) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ablhdjboaniefejbodoachlgadjnkced [2018-05-04]
CHR Extension: (Ripple (XRP) Price Ticker) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aceanfmobdgdiifkcnobhdoadjphmccd [2018-01-15]
CHR Extension: (CloudTrax) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\akbnongdneingfbddlhihjgokjcpdidn [2018-05-04]
CHR Extension: (Google Drive) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-21]
CHR Extension: (Chester County Department of Emergenc...) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbacnijdfbcihkmdeklemalpckjeikkm [2017-10-30]
CHR Extension: (MEGA) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-05-24]
CHR Extension: (WMMR) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjpmocjdkfnmkmeafadlmhoghmkeiekd [2018-05-04]
CHR Extension: (YouTube) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-21]
CHR Extension: (CUC) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceeanidgeajbboaocdocpnpnnplmbbdh [2018-05-07]
CHR Extension: (uBlock Origin) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-28]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2017-12-30]
CHR Extension: (Spiceworks - Dashboard) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\daljkbdnajgagciipongndpagfhibhdc [2017-11-16]
CHR Extension: (Skedda) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlhlaejehkjfinjdlpiegklmoanianip [2018-05-04]
CHR Extension: (Jabber Call) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felnfjenhdokeebbbbakdolpghmceefo [2017-09-26]
CHR Extension: (Chrome Remote Desktop) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-02-14]
CHR Extension: (WHM) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbleollflnencaenekbbacgkbebookfd [2018-05-04]
CHR Extension: (Amazon™ Sort - Number of Reviews) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepimngelnnmpbpklphhbbmalefoploi [2017-11-21]
CHR Extension: (Teamwork) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hikiaheobklndbeljgccmmpekhaljeij [2018-05-04]
CHR Extension: (vSphere) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinfghlknhookbpkababcpfpbjcflgpl [2018-05-09]
CHR Extension: (Moraware JobTracker - Jobs) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdmkkekjdabekicmdimkaholdmmhpaco [2018-04-03]
CHR Extension: (Slack) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeogkiiogjbmhklcnbgkdcjoioegiknm [2017-07-26]
CHR Extension: (cPanel) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\khbbefochopcmbaiopekgmhhhkiamgmf [2018-02-16]
CHR Extension: (YouTube TV - Watch & DVR Live Sports,...) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiemjbkkegajmpbobdfngbmjccjhnofh [2018-05-11]
CHR Extension: (Yammer) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\laipjomfabglokiemfjfcpnbggfafegg [2018-05-08]
CHR Extension: (WHM Login) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoaokpldaopnebcfmieiocmapmlggf [2018-02-15]
CHR Extension: (Crypto Ticker) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlbponfieopeapilgijoffpadgnjgef [2018-04-30]
CHR Extension: (Welcome to Zoho Reports) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcendhinfcbonacmnnbjbhllpdlfmkin [2017-11-20]
CHR Extension: (Coinbase BTC, ETH and LTC Ticker) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfoihmgadcjlpehaenaclbcldkndjnll [2018-01-12]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-24]
CHR Extension: (Tickets) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjmcjcigjknnkiifgkmmhbckkhgepnno [2017-09-06]
CHR Extension: (Teamwork) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlgpoaaholkggnajjheejndodnapiaph [2017-09-12]
CHR Extension: (Umbrella) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngeekmlhhppadhibcemgbkmckompalll [2018-05-04]
CHR Extension: (Zoho) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhfemjfjakdbjnaljcbohpdliggdgnm [2018-05-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (CV Licenses) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pamkapglanpmfbbnahicjalakkngagnj [2018-04-03]
CHR Extension: (CUCM) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\papjedcglkgolepjoblmecoghncpbmhf [2018-05-07]
CHR Extension: (vSphereFlash) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfkjmmclnjpdipohbdcgepmlpihpebf [2018-03-30]
CHR Extension: (Gmail) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-21]
CHR Extension: (vSphere) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkdbabcdkdeokkbincpijihmjkpdlegn [2017-10-19]
CHR Extension: (Chrome Media Router) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-27]
CHR Extension: (Sticky Notes - Just popped up!) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpdjbappofmfbgdmhoaabefbobddchk [2018-03-16]
CHR Extension: (Cryptocurrency Portfolio) - C:\Users\mikea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaenlogfahpkkmmhbenkendmhcaebo [2017-11-27]
CHR HKU\S-1-5-21-166812146-971143260-1179000955-2659\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kcehcblfpidimbihdfophhhdejckolgh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [302952 2018-02-10] (AOMEI Tech Co., Ltd.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe [71000 2018-03-06] (Google Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-29] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-05-21] (Dropbox, Inc.)
R2 ddmgr; C:\WINDOWS\system32\ddmgr.exe [1691072 2018-03-13] (OSBASE)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1111\DSAPI.exe [930112 2018-05-16] (PC-Doctor, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-05-18] (Intel)
S3 DuetUpdater; C:\Program Files\Kairos\Duet Display\DuetUpdater.exe [902136 2018-03-21] (Kairos)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
R2 HCloverService; C:\Program Files (x86)\Clover\CloverSvc.dll [735592 2018-05-16] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-08-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [318744 2016-11-02] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [220440 2017-07-18] (Stardock Software, Inc)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [43480 2018-05-11] (Dell Inc.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12443624 2018-01-08] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-25] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-25] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [437392 2016-10-10] (Wondershare)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-21] ()
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-21] ()
S3 ampa; C:\WINDOWS\system32\ampa.sys [19568 2015-11-10] () [File not signed]
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [19568 2015-11-10] () [File not signed]
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2017-09-01] ()
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Dell Inc.)
R4 ddkmd; C:\WINDOWS\system32\drivers\ddkmd.sys [295248 2018-03-13] (OSBASE)
R0 ddkmdldr; C:\WINDOWS\System32\drivers\ddkmdldr.sys [31568 2018-03-13] (OSBASE)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 duetbus; C:\WINDOWS\System32\drivers\duetbus.sys [32512 2017-09-20] (Duet, Inc.)
S3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c65x64.sys [488736 2015-08-03] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2687520 2016-11-02] (Realtek Semiconductor Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-05-07] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-25] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-25] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-05-28] (Malwarebytes)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 vmsmp; C:\WINDOWS\System32\drivers\vmswitch.sys [1777152 2018-05-24] (Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-05-24] (Microsoft Corporation)
R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-05-24] (Microsoft Corporation)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-02] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-25] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-04-25] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-25] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-28 11:56 - 2018-05-28 11:56 - 000032547 _____ C:\Users\mikea\Downloads\FRST.txt
2018-05-28 11:55 - 2018-05-28 11:56 - 000000000 ____D C:\FRST
2018-05-28 11:54 - 2018-05-28 11:54 - 002413056 _____ (Farbar) C:\Users\mikea\Downloads\FRST64.exe
2018-05-25 16:52 - 2018-05-28 09:20 - 000000000 ____D C:\Users\mikea\AppData\Local\D3DSCache
2018-05-25 12:15 - 2018-05-25 12:15 - 014665728 _____ C:\Users\mikea\Downloads\Administrative Templates (.admx) for Windows 10 April 2018 Update.msi
2018-05-25 12:11 - 2018-05-25 12:11 - 005377024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gppref.dll
2018-05-25 12:11 - 2018-05-25 12:11 - 005012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gppref.dll
2018-05-25 12:11 - 2018-05-25 12:11 - 003228160 _____ (Microsoft Corporation) C:\WINDOWS\system32\propshts.dll
2018-05-25 12:11 - 2018-05-25 12:11 - 002518528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propshts.dll
2018-05-25 12:11 - 2018-05-25 12:11 - 000764416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefbr.dll
2018-05-25 12:11 - 2018-05-25 12:11 - 000608256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefbr.dll
2018-05-25 12:11 - 2018-05-25 12:11 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpregistrybrowser.dll
2018-05-25 12:11 - 2018-05-25 12:11 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpregistrybrowser.dll
2018-05-25 12:11 - 2018-05-25 12:11 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcn.dll
2018-05-25 12:11 - 2018-05-25 12:11 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcn.dll
2018-05-25 12:11 - 2018-05-25 12:11 - 000001315 _____ C:\WINDOWS\DfsrAdmin.exe.config
2018-05-25 12:11 - 2018-05-25 12:11 - 000001311 _____ C:\WINDOWS\system32\DfsMgmt.dll.config
2018-05-25 12:11 - 2018-05-25 12:11 - 000000764 _____ C:\WINDOWS\system32\dsac.exe.config
2018-05-25 12:11 - 2018-05-25 12:11 - 000000000 ____D C:\WINDOWS\ADFS
2018-05-25 12:10 - 2018-03-24 14:36 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\LbfoAdminLib.dll
2018-05-25 12:10 - 2018-03-24 14:36 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Windows.DeploymentServices.ServerManager.Plugin.dll
2018-05-25 12:10 - 2018-03-24 14:36 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsdiag.dll
2018-05-25 12:10 - 2018-03-24 14:36 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServerManager.exe
2018-05-25 12:10 - 2018-03-24 14:36 - 000183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Windows.ServerManager.DhcpServer.Plugin.dll
2018-05-25 12:10 - 2018-03-24 14:36 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\LbfoAdmin.exe
2018-05-25 12:10 - 2018-03-24 14:36 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\VLHelper.dll
2018-05-25 12:10 - 2018-03-24 14:36 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtedit.exe
2018-05-25 12:10 - 2018-03-24 14:36 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Windows.ServerManager.NetworkController.Plugin.dll
2018-05-25 12:10 - 2018-03-24 14:27 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShieldingDataFileWizard.exe
2018-05-25 12:10 - 2018-03-24 14:27 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TemplateDiskWizard.exe
2018-05-25 12:10 - 2018-03-24 14:26 - 000558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.IdentityServer.ApplicationProxy.Management.ViewModel.dll
2018-05-25 12:10 - 2018-03-24 14:26 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.IdentityServer.ApplicationProxy.Management.Utils.dll
2018-05-25 12:10 - 2018-03-24 14:26 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.IdentityServer.ApplicationProxy.Management.Common.dll
2018-05-25 12:10 - 2018-03-24 14:26 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Interop.DfsrHelper.dll
2018-05-25 12:10 - 2018-03-24 14:26 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSDeployRes.dll
2018-05-25 12:10 - 2018-03-23 18:51 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Interop.DfsrHelper.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstlsapi.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipamres.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SVMProvisioning.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SusNativeCommon.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsPubIconHelper.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DfsRes.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtpm.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrvMgrInst.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsacn.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rrasprxy.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\FcSrv_ps.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfscmd.exe
2018-05-25 12:10 - 2018-03-23 12:36 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\redircmp.exe
2018-05-25 12:10 - 2018-03-23 12:36 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostGuardianServiceClientResources.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\FssmInst.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BPAInst.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\nfsclusrc.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSDeployRes.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsDeployRes.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\HardenedFabricNativeResources.dll
2018-05-25 12:10 - 2018-03-23 12:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fssmres.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\damgmtres.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000278016 _____ C:\WINDOWS\system32\PtpTemplateNative.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendom.exe
2018-05-25 12:10 - 2018-03-23 12:35 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ippromon.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\GPOAdminCommon.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\certxds.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsquery.exe
2018-05-25 12:10 - 2018-03-23 12:35 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsdiagres.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntfrsapi.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\netdom.exe
2018-05-25 12:10 - 2018-03-23 12:35 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\svrmgrnc.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpfixup.exe
2018-05-25 12:10 - 2018-03-23 12:35 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsacls.exe
2018-05-25 12:10 - 2018-03-23 12:35 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\csvde.exe
2018-05-25 12:10 - 2018-03-23 12:35 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeAducExt.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsmove.exe
2018-05-25 12:10 - 2018-03-23 12:35 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfsfrsHost.exe
2018-05-25 12:10 - 2018-03-23 12:35 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AagMmcRes.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdmsInst.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MuxInst.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EssentialsConfigPluginNative.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\redirusr.exe
2018-05-25 12:10 - 2018-03-23 12:35 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSEDeployRes.dll
2018-05-25 12:10 - 2018-03-23 12:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdmsres.dll
2018-05-25 12:10 - 2018-03-23 12:34 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkiview.dll
2018-05-25 12:10 - 2018-03-23 12:34 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicMgr.exe
2018-05-25 12:10 - 2018-03-23 12:34 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\OCSPAdminNative.dll
2018-05-25 12:10 - 2018-03-23 12:34 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsuiwiz.dll
2018-05-25 12:10 - 2018-03-23 12:34 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\domadmin.dll
2018-05-25 12:10 - 2018-03-23 12:34 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ocsprevp.dll
2018-05-25 12:10 - 2018-03-23 12:34 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TlsBrand.dll
2018-05-25 12:10 - 2018-03-23 12:34 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsget.exe
2018-05-25 12:10 - 2018-03-23 12:34 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtrfiltr.dll
2018-05-25 12:10 - 2018-03-23 12:34 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsadd.exe
2018-05-25 12:10 - 2018-03-23 12:34 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsmod.exe
2018-05-25 12:10 - 2018-03-23 12:34 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlbs.exe
2018-05-25 12:10 - 2018-03-23 12:34 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlb.exe
2018-05-25 12:10 - 2018-03-23 12:34 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPrepSrv.dll
2018-05-25 12:10 - 2018-03-23 12:34 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsrm.exe
2018-05-25 12:10 - 2018-03-23 12:33 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lrwizdll.dll
2018-05-25 12:10 - 2018-03-23 12:33 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\certtmpl.dll
2018-05-25 12:10 - 2018-03-23 12:33 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlbmgr.exe
2018-05-25 12:10 - 2018-03-23 12:33 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\schmmgmt.dll
2018-05-25 12:10 - 2018-03-23 12:33 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipmontr.dll
2018-05-25 12:10 - 2018-03-23 12:33 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\capesnpn.dll
2018-05-25 12:10 - 2018-03-23 12:33 - 000212480 _____ (Microsoft Corporation) C:\WINDOWS\system32\certpdef.dll
2018-05-25 12:10 - 2018-03-23 12:33 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfsncimprov.dll
2018-05-25 12:10 - 2018-03-23 12:33 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsuserex.dll
2018-05-25 12:10 - 2018-03-23 12:33 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmclusex.dll
2018-05-25 12:10 - 2018-03-23 12:32 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certadm.dll
2018-05-25 12:10 - 2018-03-23 12:32 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ldifde.exe
2018-05-25 12:10 - 2018-03-23 10:03 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendom.exe
2018-05-25 12:10 - 2018-03-23 10:03 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntfrsapi.dll
2018-05-25 12:10 - 2018-03-23 10:03 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netdom.exe
2018-05-25 12:10 - 2018-03-23 10:03 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpfixup.exe
2018-05-25 12:10 - 2018-03-23 10:03 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dfsfrsHost.exe
2018-05-25 12:10 - 2018-03-23 10:03 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nfsclusrc.dll
2018-05-25 12:10 - 2018-03-23 10:02 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GPOAdminCommon.dll
2018-05-25 12:10 - 2018-03-23 10:02 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DfsRes.dll
2018-05-25 12:10 - 2018-03-23 10:02 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ldifde.exe
2018-05-25 12:10 - 2018-03-23 10:02 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\csvde.exe
2018-05-25 12:10 - 2018-03-23 10:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPrepSrv.dll
2018-05-25 12:10 - 2018-03-23 10:02 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\redirusr.exe
2018-05-25 12:10 - 2018-03-23 10:01 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsacls.exe
2018-05-25 12:10 - 2018-03-23 10:01 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\redircmp.exe
2018-05-25 12:10 - 2018-03-23 10:01 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FcSrv_ps.dll
2018-05-25 12:10 - 2018-02-09 18:13 - 000146446 _____ C:\WINDOWS\SysWOW64\gpmc.msc
2018-05-25 12:10 - 2018-02-09 18:13 - 000146019 _____ C:\WINDOWS\SysWOW64\gptedit.msc
2018-05-25 12:10 - 2018-02-09 18:11 - 000268640 _____ C:\WINDOWS\SysWOW64\dfsrHealthReport.xsl
2018-05-25 12:10 - 2018-02-09 18:11 - 000155741 _____ C:\WINDOWS\SysWOW64\dfsrPropagationReport.xsl
2018-05-25 12:10 - 2018-02-09 18:11 - 000055953 _____ C:\WINDOWS\SysWOW64\dfsmgmt.msc
2018-05-25 12:10 - 2017-11-02 20:27 - 000151743 _____ C:\WINDOWS\system32\FailoverClusters.SnapInHelper.msc
2018-05-25 12:10 - 2017-11-02 20:26 - 000268640 _____ C:\WINDOWS\system32\dfsrHealthReport.xsl
2018-05-25 12:10 - 2017-11-02 20:25 - 000115237 _____ C:\WINDOWS\system32\lsdiag.msc
2018-05-25 12:10 - 2017-11-02 20:25 - 000055953 _____ C:\WINDOWS\system32\dfsmgmt.msc
2018-05-25 12:10 - 2017-11-02 20:24 - 000092554 _____ C:\WINDOWS\system32\ocsp.msc
2018-05-25 12:10 - 2017-11-02 20:23 - 000146446 _____ C:\WINDOWS\system32\gpmc.msc
2018-05-25 12:10 - 2017-11-02 20:23 - 000146019 _____ C:\WINDOWS\system32\gptedit.msc
2018-05-25 12:10 - 2017-11-02 20:22 - 000155741 _____ C:\WINDOWS\system32\dfsrPropagationReport.xsl
2018-05-25 12:10 - 2017-11-02 20:22 - 000034000 _____ C:\WINDOWS\system32\rrasmgmt.msc
2018-05-25 12:10 - 2017-11-02 20:20 - 000144354 _____ C:\WINDOWS\system32\pkiview.msc
2018-05-25 12:10 - 2017-11-02 20:19 - 000115860 _____ C:\WINDOWS\system32\tsgateway.msc
2018-05-25 12:10 - 2017-11-02 20:19 - 000108461 _____ C:\WINDOWS\system32\fsrm.msc
2018-05-25 12:10 - 2017-11-02 20:19 - 000092853 _____ C:\WINDOWS\system32\certsrv.msc
2018-05-25 12:10 - 2017-11-02 20:18 - 000003034 _____ C:\WINDOWS\system32\DefaultParameters.xml
2018-05-25 12:10 - 2017-11-02 20:16 - 000146654 _____ C:\WINDOWS\system32\dhcpmgmt.msc
2018-05-25 12:10 - 2017-11-02 20:16 - 000093590 _____ C:\WINDOWS\system32\LServer_PKConfig.xml
2018-05-25 12:10 - 2017-11-02 20:12 - 000150924 _____ C:\WINDOWS\system32\CluAdmin.msc
2018-05-25 12:10 - 2017-11-02 20:12 - 000144951 _____ C:\WINDOWS\system32\domain.msc
2018-05-25 12:10 - 2017-11-02 20:11 - 000145293 _____ C:\WINDOWS\system32\certtmpl.msc
2018-05-25 12:09 - 2018-03-24 14:36 - 005548544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Windows.ServerManager.Plugins.Ipam.dll
2018-05-25 12:09 - 2018-03-24 14:36 - 002164224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipamapi.dll
2018-05-25 12:09 - 2018-03-24 14:36 - 000449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Vmw.exe
2018-05-25 12:09 - 2018-03-24 14:36 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Windows.ServerManager.NPASRole.Plugin.dll
2018-05-25 12:09 - 2018-03-24 14:36 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\HgsClientWmi.dll
2018-05-25 12:09 - 2018-03-24 14:27 - 008584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\RAMgmtUI.exe
2018-05-25 12:09 - 2018-03-24 14:26 - 009604608 _____ (Microsoft Corporation) C:\WINDOWS\system32\damgmt.dll
2018-05-25 12:09 - 2018-03-24 14:26 - 004129280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsac.exe
2018-05-25 12:09 - 2018-03-24 14:26 - 000512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClusterUpdateUI.exe
2018-05-25 12:09 - 2018-03-24 14:26 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\DfsrAdmin.exe
2018-05-25 12:09 - 2018-03-23 12:50 - 000001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Server Manager.lnk
2018-05-25 12:09 - 2018-03-23 12:35 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\repadmin.exe
2018-05-25 12:09 - 2018-03-23 12:35 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfsutil.exe
2018-05-25 12:09 - 2018-03-23 12:34 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ldp.exe
2018-05-25 12:09 - 2018-03-23 12:34 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpmon.dll
2018-05-25 12:09 - 2018-03-23 12:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsmgmt.exe
2018-05-25 12:09 - 2018-03-23 12:34 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\dirquota.exe
2018-05-25 12:09 - 2018-03-23 12:34 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\filescrn.exe
2018-05-25 12:09 - 2018-03-23 12:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\storrept.exe
2018-05-25 12:09 - 2018-03-23 12:33 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsiedit.dll
2018-05-25 12:09 - 2018-03-23 12:33 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\GPRSoP.dll
2018-05-25 12:09 - 2018-03-23 12:33 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnscmd.exe
2018-05-25 12:09 - 2018-03-23 12:33 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsutil.exe
2018-05-25 12:09 - 2018-03-23 12:33 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsdbutil.exe
2018-05-25 12:09 - 2018-03-23 12:33 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\DfsDiag.exe
2018-05-25 12:09 - 2018-03-23 12:32 - 001705984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsmgr.dll
2018-05-25 12:09 - 2018-03-23 12:32 - 001637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcpromoui.dll
2018-05-25 12:09 - 2018-03-23 12:32 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpme.dll
2018-05-25 12:09 - 2018-03-23 12:31 - 001116672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsadmin.dll
2018-05-25 12:09 - 2018-03-23 12:31 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DfsrHelper.dll
2018-05-25 12:09 - 2018-03-23 12:30 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpmgmt.dll
2018-05-25 12:09 - 2018-03-23 12:30 - 001834496 _____ (Microsoft Corporation) C:\WINDOWS\system32\GPOAdmin.dll
2018-05-25 12:09 - 2018-03-23 12:30 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\system32\adprop.dll
2018-05-25 12:09 - 2018-03-23 12:30 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsnap.dll
2018-05-25 12:09 - 2018-03-23 12:30 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcdiag.exe
2018-05-25 12:09 - 2018-03-23 12:29 - 002355200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfsrdiag.exe
2018-05-25 12:09 - 2018-03-23 12:29 - 001380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprsnap.dll
2018-05-25 12:09 - 2018-03-23 12:29 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcpromocmd.dll
2018-05-25 12:09 - 2018-03-23 12:29 - 001243136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvrcimprov.dll
2018-05-25 12:09 - 2018-03-23 12:28 - 003921408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsnap.dll
2018-05-25 12:09 - 2018-03-23 12:28 - 001203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\GPOAdminCustom.dll
2018-05-25 12:09 - 2018-03-23 12:28 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmmc.dll
2018-05-25 12:09 - 2018-03-23 10:02 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ldp.exe
2018-05-25 12:09 - 2018-03-23 10:02 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpmon.dll
2018-05-25 12:09 - 2018-03-23 10:02 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsmgmt.exe
2018-05-25 12:09 - 2018-03-23 10:01 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpme.dll
2018-05-25 12:09 - 2018-03-23 10:01 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GPRSoP.dll
2018-05-25 12:09 - 2018-03-23 10:01 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcdiag.exe
2018-05-25 12:09 - 2018-03-23 10:01 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdsutil.exe
2018-05-25 12:09 - 2018-03-23 10:01 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\repadmin.exe
2018-05-25 12:09 - 2018-03-23 10:01 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsdbutil.exe
2018-05-25 12:09 - 2018-03-23 10:00 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpmgmt.dll
2018-05-25 12:09 - 2018-03-23 10:00 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DfsrHelper.dll
2018-05-25 12:09 - 2018-03-23 09:59 - 001466880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GPOAdmin.dll
2018-05-25 12:09 - 2018-03-23 09:58 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GPOAdminCustom.dll
2018-05-25 12:09 - 2018-02-09 18:13 - 000146712 _____ C:\WINDOWS\SysWOW64\gpme.msc
2018-05-25 12:09 - 2017-11-02 20:23 - 000146712 _____ C:\WINDOWS\system32\gpme.msc
2018-05-25 12:09 - 2017-11-02 20:20 - 000145017 _____ C:\WINDOWS\system32\dsa.msc
2018-05-25 12:09 - 2017-11-02 20:19 - 000001151 _____ C:\WINDOWS\system32\ClusterUpdateUI.exe.config
2018-05-25 12:09 - 2017-11-02 20:13 - 000145867 _____ C:\WINDOWS\system32\dnsmgmt.msc
2018-05-25 12:07 - 2018-05-25 12:08 - 099675084 _____ C:\Users\mikea\Downloads\WindowsTH-RSAT_WS_1803-x64.msu
2018-05-25 02:15 - 2018-05-24 22:24 - 000000000 ____D C:\Windows.old
2018-05-24 22:33 - 2018-05-28 10:41 - 000002236 __RSH C:\Users\mikea\ntuser.pol
2018-05-24 22:33 - 2018-05-24 22:33 - 000000020 ___SH C:\Users\mikea\ntuser.ini
2018-05-24 22:24 - 2018-05-27 22:14 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E85D5562-96A7-4DE7-BA1B-73995C4E023D}
2018-05-24 22:24 - 2018-05-25 16:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-24 22:24 - 2018-05-25 15:34 - 000004238 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-05-24 22:24 - 2018-05-24 22:24 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2018-05-24 22:24 - 2018-05-24 22:24 - 000015243 _____ C:\WINDOWS\diagerr.xml
2018-05-24 22:24 - 2018-05-24 22:24 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-24 22:24 - 2018-05-24 22:24 - 000003438 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-24 22:24 - 2018-05-24 22:24 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-24 22:24 - 2018-05-24 22:24 - 000003238 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-166812146-971143260-1179000955-2659
2018-05-24 22:24 - 2018-05-24 22:24 - 000003214 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-24 22:24 - 2018-05-24 22:24 - 000003142 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-166812146-971143260-1179000955-2659
2018-05-24 22:24 - 2018-05-24 22:24 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-24 22:24 - 2018-05-24 22:24 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-05-24 22:24 - 2018-05-24 22:24 - 000003012 _____ C:\WINDOWS\System32\Tasks\Optimize Push Notification Data File-S-1-5-21-166812146-971143260-1179000955-2659
2018-05-24 22:24 - 2018-05-24 22:24 - 000002808 _____ C:\WINDOWS\System32\Tasks\DuetUpdater
2018-05-24 22:24 - 2018-05-24 22:24 - 000002768 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-05-24 22:24 - 2018-05-24 22:24 - 000002758 _____ C:\WINDOWS\System32\Tasks\iToolsDaemon
2018-05-24 22:24 - 2018-05-24 22:24 - 000002756 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-GREENELL-MikeA
2018-05-24 22:24 - 2018-05-24 22:24 - 000002730 _____ C:\WINDOWS\System32\Tasks\File Cleanup
2018-05-24 22:24 - 2018-05-24 22:24 - 000002710 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-GREENELL-MikeA
2018-05-24 22:24 - 2018-05-24 22:24 - 000002584 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2018-05-24 22:24 - 2018-05-24 22:24 - 000002492 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2018-05-24 22:24 - 2018-05-24 22:24 - 000002310 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2018-05-24 22:24 - 2018-05-24 22:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2018-05-24 22:24 - 2018-05-24 22:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-05-24 22:24 - 2018-05-24 22:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2018-05-24 22:18 - 2018-05-24 22:18 - 000000000 ____D C:\ProgramData\USOShared
2018-05-24 22:18 - 2018-04-11 19:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-24 22:17 - 2018-05-28 10:41 - 000000000 ____D C:\Users\mikea
2018-05-24 22:17 - 2018-05-25 17:03 - 000000000 ____D C:\Users\mikea\AppData\Roaming\VMware
2018-05-24 22:17 - 2018-05-25 16:45 - 000934208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-24 22:17 - 2018-05-24 22:22 - 000000000 ____D C:\Users\auxadmin
2018-05-24 22:17 - 2018-05-24 22:20 - 000000000 ____D C:\Users\admin
2018-05-24 22:17 - 2018-05-24 22:19 - 000000000 ____D C:\Users\mikea\AppData\Local\Microsoft Help
2018-05-24 22:17 - 2018-05-24 22:19 - 000000000 ____D C:\Users\auxadmin\AppData\Roaming\VMware
2018-05-24 22:17 - 2018-05-24 22:17 - 000000000 ____D C:\Program Files\Waves
2018-05-24 22:17 - 2018-04-11 19:34 - 000001105 _____ C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-24 22:17 - 2018-04-11 19:34 - 000001105 _____ C:\Users\auxadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-24 22:17 - 2018-04-11 19:34 - 000001105 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-24 22:17 - 2018-03-22 05:01 - 000144832 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-05-24 22:17 - 2017-12-04 13:07 - 000000000 ____D C:\Users\admin\AppData\Roaming\VMware
2018-05-24 22:17 - 2016-08-08 13:13 - 000000000 ____D C:\Users\auxadmin\AppData\Local\Microsoft Help
2018-05-24 22:17 - 2016-08-08 13:13 - 000000000 ____D C:\Users\admin\AppData\Local\Microsoft Help
2018-05-24 22:16 - 2018-05-28 11:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-24 22:16 - 2018-05-24 22:20 - 000420752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-24 22:08 - 2018-05-28 09:48 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-24 22:08 - 2018-05-25 16:40 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-24 22:08 - 2018-05-25 16:40 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-24 22:08 - 2018-05-25 02:15 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-24 22:08 - 2018-05-24 22:08 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2018-05-24 22:08 - 2018-05-07 23:52 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-24 22:08 - 2018-05-07 23:52 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-24 22:08 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-24 22:07 - 2018-05-24 22:08 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-24 22:04 - 2018-05-24 22:04 - 025844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 022709248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 022001664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 007582720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 006816848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 006567904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 006527568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 004787960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 004563968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 004402768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 004372480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 003733312 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002896896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002836376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002536056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002486984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-05-24 22:04 - 2018-05-24 22:04 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-05-24 22:04 - 2018-05-24 22:04 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001462288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-24 22:04 - 2018-05-24 22:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001209792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-05-24 22:04 - 2018-05-24 22:04 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-24 22:04 - 2018-05-24 22:04 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001021336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxcore.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001017056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000988128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-05-24 22:04 - 2018-05-24 22:04 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-05-24 22:04 - 2018-05-24 22:04 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000861608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000826776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000748504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000722288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 000707480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-24 22:04 - 2018-05-24 22:04 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000652184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-24 22:04 - 2018-05-24 22:04 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000457144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000416120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000399768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000193936 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-05-24 22:04 - 2018-05-24 22:04 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-05-24 22:04 - 2018-05-24 22:04 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-05-24 22:04 - 2018-05-24 22:04 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-05-24 22:04 - 2018-05-24 22:04 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-24 22:04 - 2018-05-24 22:04 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-24 21:59 - 2018-05-24 21:59 - 000000000 ___SD C:\WINDOWS\system32\lxss
2018-05-24 21:59 - 2018-05-24 21:59 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-24 21:59 - 2018-05-24 21:59 - 000000000 ____D C:\Program Files\MSBuild
2018-05-24 21:59 - 2018-05-24 21:59 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-24 21:59 - 2018-05-24 21:59 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-24 21:59 - 2018-05-24 21:59 - 000000000 ____D C:\inetpub
2018-05-24 21:58 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-24 21:58 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-24 21:58 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-24 21:58 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-24 21:58 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-24 21:58 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-24 21:57 - 2018-04-11 06:48 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-24 21:57 - 2018-04-11 06:45 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-24 21:57 - 2018-04-11 06:41 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-24 21:57 - 2018-04-11 05:14 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-24 21:57 - 2018-04-11 05:12 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-24 21:57 - 2018-04-11 05:09 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-24 21:57 - 2017-10-29 18:03 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-24 21:57 - 2017-10-29 16:42 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-24 21:47 - 2018-05-24 21:47 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-24 21:20 - 2018-05-24 22:33 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-24 16:15 - 2018-05-24 16:15 - 000274432 _____ C:\Users\mikea\Downloads\FolderSize-2.6-x86.msi
2018-05-23 15:43 - 2018-05-23 15:43 - 000000000 ____D C:\Users\mikea\Start10Ctrlpnl
2018-05-23 15:41 - 2018-05-23 15:41 - 000000000 ____D C:\Users\mikea\Downloads\Stardock
2018-05-23 14:25 - 2018-05-23 14:25 - 000001370 _____ C:\Users\mikea\Desktop\NewPhones.xlsx.lnk
2018-05-23 13:38 - 2018-05-25 02:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-22 16:52 - 2018-05-22 17:04 - 000000135 _____ C:\Users\mikea\Desktop\InforAddOpp.txt
2018-05-21 15:26 - 2018-05-21 15:26 - 001963696 _____ (Softaken Software ) C:\Users\mikea\Downloads\split-pst (1).exe
2018-05-21 13:06 - 2018-05-21 13:06 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-05-21 13:06 - 2018-05-21 13:06 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-05-21 13:06 - 2018-05-21 13:06 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-05-21 13:06 - 2018-05-21 13:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-21 09:42 - 2018-05-21 09:42 - 000294912 _____ C:\Users\mikea\Downloads\FolderSize-2.6-x64.msi
2018-05-21 09:42 - 2018-05-21 09:42 - 000000000 ____D C:\Program Files\FolderSize
2018-05-19 23:34 - 2018-05-26 12:57 - 000000036 _____ C:\Users\mikea\Desktop\to do .txt
2018-05-18 10:21 - 2016-10-17 04:41 - 000024064 _____ (horst Schaeffer) C:\WINDOWS\system32\delage64.exe
2018-05-18 09:57 - 2018-05-21 09:54 - 007911088 _____ (Tim Kosse) C:\Users\mikea\Downloads\FileZilla_3.33.0_win64-setup.exe
2018-05-18 09:24 - 2018-05-18 09:24 - 015813432 _____ (Piriform Ltd) C:\Users\mikea\Downloads\ccsetup542.exe
2018-05-17 10:18 - 2018-05-18 00:00 - 000000000 ____D C:\Users\mikea\Downloads\Batch
2018-05-16 16:54 - 2018-05-16 16:54 - 000000000 ____D C:\ProgramData\Emsisoft
2018-05-16 15:34 - 2018-05-21 11:00 - 000002241 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2018-05-16 14:30 - 2018-05-16 16:44 - 000000000 ____D C:\Users\mikea\Downloads\delage64
2018-05-16 14:29 - 2018-05-16 14:29 - 000019779 _____ C:\Users\mikea\Downloads\delage64.zip
2018-05-16 10:23 - 2018-05-17 12:39 - 000013000 _____ C:\Users\mikea\AppData\Local\WinStudio.9.3.0.49.Profile
2018-05-16 09:52 - 2018-05-25 02:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover
2018-05-16 09:50 - 2018-05-16 09:50 - 006962024 _____ (ejie.me) C:\Users\mikea\Downloads\setup_clover@3.4.3.exe
2018-05-15 14:05 - 2018-05-15 14:05 - 000002234 _____ C:\Users\mikea\AppData\Local\recently-used.xbel
2018-05-15 13:22 - 2018-05-15 13:22 - 001949479 _____ C:\Users\mikea\Downloads\706090 Melndez.zip
2018-05-15 10:06 - 2018-05-15 10:07 - 000543483 _____ C:\Users\mikea\Downloads\Windows6.1-KB2852386-x64.msu
2018-05-15 08:41 - 2018-05-15 08:41 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-15 08:40 - 2018-05-15 09:19 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-15 08:38 - 2018-05-15 08:38 - 027045960 _____ (Adlice Software) C:\Users\mikea\Downloads\RogueKiller_portable64.exe
2018-05-15 08:36 - 2018-05-15 08:36 - 007271632 _____ (Malwarebytes) C:\Users\mikea\Downloads\AdwCleaner.exe
2018-05-11 13:39 - 2018-05-21 11:00 - 000002875 _____ C:\Users\mikea\Desktop\Chrome Remote Desktop.lnk
2018-05-11 12:21 - 2018-05-25 02:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia
2018-05-11 12:21 - 2018-05-11 12:29 - 000000000 ____D C:\Users\mikea\.dia
2018-05-11 12:21 - 2018-05-11 12:21 - 000000000 ____D C:\Program Files (x86)\Dia
2018-05-11 12:10 - 2018-05-08 15:55 - 000000104 _____ C:\Users\mikea\Desktop\AA.txt
2018-05-11 11:00 - 2018-05-22 11:16 - 000000219 _____ C:\Users\mikea\Desktop\May Reps.txt
2018-05-09 23:14 - 2018-05-25 02:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duet Display
2018-05-09 23:14 - 2018-05-09 23:14 - 000000000 ____D C:\Program Files\Kairos
2018-05-09 23:14 - 2018-05-09 23:14 - 000000000 ____D C:\Program Files\Common Files\Duet Display
2018-05-09 23:13 - 2018-05-09 23:13 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Kairos
2018-05-09 10:12 - 2018-05-21 11:00 - 000003173 _____ C:\Users\mikea\Desktop\vSphere.lnk
2018-05-08 08:56 - 2018-05-21 11:00 - 000002651 _____ C:\Users\mikea\Desktop\Yammer.lnk
2018-05-07 23:52 - 2018-05-25 02:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-07 23:52 - 2018-05-21 11:00 - 000001962 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-07 21:32 - 2018-05-08 08:54 - 000000000 ____D C:\Users\mikea\AppData\Local\ESET
2018-05-07 14:08 - 2018-05-21 11:00 - 000002647 _____ C:\Users\mikea\Desktop\CUCM.lnk
2018-05-07 13:15 - 2018-05-21 11:00 - 000002645 _____ C:\Users\mikea\Desktop\CUC.lnk
2018-05-06 23:20 - 2018-05-06 23:20 - 000000000 ____D C:\Users\mikea\AppData\Local\Rethinkit
2018-05-06 23:19 - 2018-05-06 23:19 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Rethinkit
2018-05-04 15:17 - 2018-05-04 15:17 - 000002535 _____ C:\Users\Public\Desktop\Outlook 2016.lnk
2018-05-04 13:48 - 2018-05-04 13:53 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-05-04 12:22 - 2018-05-04 12:22 - 000000000 ___RD C:\Users\mikea\Creative Cloud Files
2018-05-04 10:47 - 2018-05-21 11:00 - 000002647 _____ C:\Users\mikea\Desktop\Zoho.lnk
2018-05-04 09:25 - 2018-05-21 11:00 - 000002769 _____ C:\Users\mikea\Desktop\Skedda.lnk
2018-05-04 09:23 - 2018-05-21 11:00 - 000002655 _____ C:\Users\mikea\Desktop\Teamwork.lnk
2018-05-04 09:20 - 2018-05-21 11:00 - 000002799 _____ C:\Users\mikea\Desktop\WMMR.lnk
2018-05-04 09:11 - 2018-05-21 11:00 - 000002909 _____ C:\Users\mikea\Desktop\CloudTrax.lnk
2018-05-04 09:09 - 2018-05-21 11:00 - 000002651 _____ C:\Users\mikea\Desktop\cPanel.lnk
2018-05-04 09:09 - 2018-05-21 11:00 - 000002645 _____ C:\Users\mikea\Desktop\WHM.lnk
2018-05-04 09:08 - 2018-05-24 22:19 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-05-04 09:08 - 2018-05-21 11:00 - 000002705 _____ C:\Users\mikea\Desktop\Umbrella.lnk
2018-05-04 09:07 - 2018-05-24 22:22 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-04 09:07 - 2018-05-24 22:22 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-04 08:52 - 2018-05-15 08:38 - 000000000 ____D C:\Users\mikea\AppData\Local\wmcagent
2018-05-04 08:52 - 2018-05-04 09:48 - 000000000 ____D C:\Users\mikea\AppData\Local\dsbhgcm
2018-05-04 08:52 - 2018-05-04 08:52 - 000000000 ___HD C:\Users\mikea\MicrosoftEdgeBackups
2018-05-04 08:48 - 2018-05-04 08:48 - 000000000 ____D C:\Users\mikea\AppData\Local\svkemau
2018-05-04 08:44 - 2018-05-16 16:59 - 000000000 ____D C:\EEK
2018-05-04 08:43 - 2018-05-04 08:43 - 000000000 ____D C:\Users\mikea\AppData\Local\coowzrp
2018-05-04 08:31 - 2018-05-04 08:31 - 000000000 ____D C:\Users\mikea\AppData\Local\dwdtcsl
2018-05-03 17:00 - 2018-05-08 08:49 - 000000000 ____D C:\Users\mikea\AppData\Local\pseblgr
2018-05-03 17:00 - 2018-05-03 17:00 - 000000000 ____D C:\Users\mikea\AppData\Local\tisxueg
2018-05-03 16:59 - 2018-05-04 08:46 - 002888704 _____ C:\WINDOWS\system32\cwcrxilsvc.exe
2018-05-03 16:56 - 2018-05-25 02:15 - 000000000 ____D C:\WINDOWS\system32\aticwxl
2018-05-03 16:56 - 2018-05-03 16:56 - 000000000 ____D C:\WINDOWS\SysWOW64\aticwxl
2018-05-03 16:56 - 2018-05-03 16:56 - 000000000 ____D C:\Users\mikea\AppData\Roaming\et
2018-05-03 16:55 - 2018-05-04 08:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-03 16:55 - 2018-05-03 16:55 - 000003072 _____ C:\Users\mikea\AppData\Local\setupFixLCD.exe
2018-05-03 16:55 - 2018-05-03 16:55 - 000000012 _____ C:\WINDOWS\b8556929
2018-05-03 16:54 - 2018-05-03 16:55 - 000000000 ____D C:\ProgramData\Arkei-e658fb5e-4bec-4bbd-b5eb-15e4488a5e69
2018-05-03 13:06 - 2018-05-03 13:06 - 000000000 _RSHD C:\ProgramData\Key-Base
2018-05-03 13:06 - 2018-05-03 13:06 - 000000000 ____D C:\ProgramData\{FF1ECA60-CACF-0BAF-B0D4-C57A9C2BA7B2}
2018-05-02 10:17 - 2018-05-25 02:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-02 10:17 - 2018-05-24 22:19 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-02 10:17 - 2018-05-02 10:17 - 000000000 ____D C:\Users\mikea\AppData\Roaming\WinRAR
2018-05-02 10:17 - 2018-05-02 10:17 - 000000000 ____D C:\Program Files\WinRAR
2018-05-01 10:45 - 2017-03-21 06:36 - 000003130 _____ C:\WINDOWS\system32\e1d65x64.din
2018-05-01 10:45 - 2017-03-19 10:46 - 000544744 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e1d65x64.sys
2018-05-01 10:45 - 2016-07-22 05:19 - 000091088 _____ (Intel Corporation) C:\WINDOWS\system32\NicInstD.dll
2018-05-01 10:45 - 2016-04-15 17:47 - 000080848 _____ (Intel Corporation) C:\WINDOWS\system32\e1dmsg.dll
2018-05-01 10:45 - 2014-04-18 16:17 - 000125728 _____ (Intel Corporation) C:\WINDOWS\system32\NicCo4.dll
2018-04-30 12:52 - 2018-05-07 14:39 - 000009950 _____ C:\Users\mikea\Desktop\Call Center Equip.xlsx
2018-04-30 12:49 - 2018-04-30 12:49 - 000001024 ____H C:\SYSTAG.BIN
2018-04-30 12:47 - 2018-05-25 16:40 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2018-04-30 12:47 - 2018-05-25 16:40 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2018-04-30 12:47 - 2018-05-25 02:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2018-04-30 12:47 - 2018-05-21 11:00 - 000001136 _____ C:\Users\Public\Desktop\AOMEI Backupper Standard Beta.lnk
2018-04-30 12:47 - 2018-04-30 12:49 - 000000000 ____D C:\ProgramData\AomeiBR
2018-04-30 12:47 - 2017-09-01 18:12 - 000038320 _____ C:\WINDOWS\system32\amwrtdrv.sys
2018-04-30 12:47 - 2016-12-21 22:54 - 000051120 _____ C:\WINDOWS\system32\ambakdrv.sys
2018-04-30 12:47 - 2016-12-21 22:52 - 000171952 _____ C:\WINDOWS\system32\ammntdrv.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-28 11:51 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-28 10:42 - 2018-03-09 15:29 - 000000000 ____D C:\Users\mikea\AppData\Roaming\duet
2018-05-28 10:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-28 10:41 - 2016-06-22 11:03 - 000000000 __SHD C:\Users\mikea\IntelGraphicsProfiles
2018-05-28 10:41 - 2016-06-21 16:32 - 000000232 _____ C:\WINDOWS\system32\config\netlogon.ftl
2018-05-28 09:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-27 23:18 - 2017-05-31 15:30 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2018-05-27 00:22 - 2016-09-01 12:35 - 000000000 ____D C:\Users\mikea\AppData\LocalLow\Clover
2018-05-26 12:59 - 2016-06-21 21:31 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-26 10:10 - 2017-11-17 11:04 - 000060844 _____ C:\Users\mikea\AppData\Local\WinStudio.9.3.0.44.Profile
2018-05-26 00:13 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-25 22:42 - 2016-06-22 13:15 - 000000000 __RHD C:\ESD
2018-05-25 17:03 - 2016-06-21 21:27 - 000000000 ____D C:\Users\mikea\AppData\Local\VMware
2018-05-25 16:40 - 2018-04-11 17:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-05-25 16:40 - 2017-08-09 16:21 - 000075931 _____ C:\WINDOWS\SysWOW64\PCPELog.txt
2018-05-25 16:40 - 2016-06-21 21:27 - 000000000 ____D C:\ProgramData\VMware
2018-05-25 14:26 - 2016-07-13 17:24 - 000000000 ____D C:\Users\mikea\AppData\Roaming\FileZilla
2018-05-25 12:16 - 2018-02-27 17:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Group Policy
2018-05-25 12:12 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-25 12:11 - 2018-04-11 19:35 - 000727040 _____ C:\WINDOWS\system32\hgattest.dll
2018-05-25 12:11 - 2018-04-11 19:35 - 000144646 _____ C:\WINDOWS\system32\dssite.msc
2018-05-25 12:11 - 2018-04-11 19:35 - 000144380 _____ C:\WINDOWS\system32\adsiedit.msc
2018-05-25 12:11 - 2018-04-11 19:35 - 000017723 _____ C:\WINDOWS\system32\tls_branding_config.xml
2018-05-25 12:11 - 2016-08-08 13:41 - 000000000 ____D C:\WINDOWS\Cluster
2018-05-25 12:11 - 2016-06-23 10:04 - 000000000 ____D C:\WINDOWS\system32\ServerManagerInternal
2018-05-25 12:11 - 2016-06-23 10:04 - 000000000 ____D C:\WINDOWS\system32\HardenedFabric
2018-05-25 12:11 - 2016-06-22 09:59 - 000001311 _____ C:\WINDOWS\SysWOW64\DfsMgmt.dll.config
2018-05-25 09:20 - 2016-07-20 13:29 - 000000000 ____D C:\Users\mikea\AppData\Local\LogMeIn Client
2018-05-25 09:20 - 2016-07-20 13:26 - 000000000 ____D C:\ProgramData\LogMeIn
2018-05-25 09:20 - 2016-07-20 13:20 - 000000000 ____D C:\Users\mikea\AppData\Local\LogMeInIgnition
2018-05-25 03:31 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-25 02:15 - 2018-04-11 19:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-25 02:15 - 2018-04-11 19:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\IME
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\System
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\schemas
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\Help
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files\Common Files\system
2018-05-25 02:15 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-25 02:15 - 2018-04-04 16:29 - 000000000 ____D C:\WINDOWS\SysWOW64\shxfont
2018-05-25 02:15 - 2018-04-04 16:29 - 000000000 ____D C:\WINDOWS\SysWOW64\PS
2018-05-25 02:15 - 2018-04-04 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoDWG
2018-05-25 02:15 - 2018-03-30 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZOOK OST to PST Converter
2018-05-25 02:15 - 2018-03-14 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2018-05-25 02:15 - 2018-03-01 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Unlimited Edition 6.0
2018-05-25 02:15 - 2018-02-16 15:22 - 000000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2018-05-25 02:15 - 2017-12-22 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Movie Maker
2018-05-25 02:15 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-25 02:15 - 2017-09-25 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Jabber
2018-05-25 02:15 - 2017-09-14 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-05-25 02:15 - 2017-08-25 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Network Assistant
2018-05-25 02:15 - 2017-07-31 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\APC
2018-05-25 02:15 - 2017-05-31 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2018-05-25 02:15 - 2017-05-26 18:02 - 000000000 ____D C:\Program Files\Intel
2018-05-25 02:15 - 2017-04-03 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2018-05-25 02:15 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\catroot2.old
2018-05-25 02:15 - 2017-02-23 12:49 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-05-25 02:15 - 2017-02-01 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-25 02:15 - 2016-12-16 12:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-05-25 02:15 - 2016-12-16 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-05-25 02:15 - 2016-12-13 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-25 02:15 - 2016-10-20 10:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFTK Builder
2018-05-25 02:15 - 2016-10-05 10:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC
2018-05-25 02:15 - 2016-08-12 11:12 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-05-25 02:15 - 2016-08-08 13:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ipam
2018-05-25 02:15 - 2016-08-02 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-25 02:15 - 2016-08-02 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-05-25 02:15 - 2016-07-22 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Partition Asst
2018-05-25 02:15 - 2016-07-11 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2018-05-25 02:15 - 2016-07-06 10:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-25 02:15 - 2016-06-28 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2018-05-25 02:15 - 2016-06-22 16:45 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\zh-CHT
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\zh-CHS
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\Windows System Resource Manager
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\tr
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\sv
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\ru
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\pt
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\pl
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\nl
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\ko
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\ja
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\it
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\hu
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\fr
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\es
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\de
2018-05-25 02:15 - 2016-06-22 09:59 - 000000000 ____D C:\WINDOWS\system32\cs
2018-05-25 02:15 - 2016-06-21 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual FoxPro
2018-05-25 02:15 - 2016-04-27 02:21 - 000000000 ____D C:\WINDOWS\ShellNew
2018-05-25 02:15 - 2009-07-13 23:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-05-24 22:51 - 2018-01-24 03:26 - 000000000 ____D C:\Users\mikea\AppData\Local\Packages
2018-05-24 22:33 - 2016-07-22 11:00 - 000000000 ___RD C:\Users\mikea\3D Objects
2018-05-24 22:33 - 2016-04-27 02:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-24 22:24 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-24 22:24 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-24 22:24 - 2018-04-11 17:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-24 22:24 - 2017-07-12 15:01 - 000000648 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-166812146-971143260-1179000955-2659.job
2018-05-24 22:24 - 2017-07-12 15:01 - 000000552 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-166812146-971143260-1179000955-2659.job
2018-05-24 22:24 - 2016-06-21 16:34 - 000016310 __RSH C:\ProgramData\ntuser.pol
2018-05-24 22:23 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-24 22:22 - 2018-04-11 19:38 - 000000000 __RSD C:\WINDOWS\media
2018-05-24 22:22 - 2017-05-26 18:03 - 000932288 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-05-24 22:22 - 2016-06-22 14:26 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-24 22:19 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-05-24 22:19 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-05-24 22:19 - 2017-08-09 14:36 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTware
2018-05-24 22:19 - 2017-07-12 15:26 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infor
2018-05-24 22:19 - 2017-06-14 10:25 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macroplant LLC
2018-05-24 22:19 - 2017-06-01 10:18 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2018-05-24 22:19 - 2017-03-30 09:47 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2018-05-24 22:19 - 2016-06-21 19:07 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-05-24 22:19 - 2016-06-21 16:14 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2018-05-24 22:18 - 2018-04-02 13:49 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2018-05-24 22:18 - 2018-03-08 11:14 - 000000000 ____D C:\Users\admin\AppData\Local\Packages
2018-05-24 22:18 - 2018-01-24 03:27 - 000000000 ____D C:\Users\auxadmin\AppData\Local\Packages
2018-05-24 22:18 - 2017-03-06 11:50 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Syncios
2018-05-24 22:17 - 2017-05-26 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-05-24 22:17 - 2017-05-26 18:02 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2018-05-24 22:16 - 2018-01-23 11:10 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2018-05-24 22:12 - 2018-04-11 19:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-24 22:12 - 2016-06-22 13:45 - 000008192 __RSH C:\BOOTSECT.BAK
2018-05-24 22:09 - 2016-09-06 10:22 - 000000000 ___RD C:\WINDOWS\WebManagement
2018-05-24 22:08 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-24 22:08 - 2017-05-26 18:02 - 000000000 ____D C:\Program Files\Realtek
2018-05-24 22:08 - 2017-02-08 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2018-05-24 22:08 - 2016-08-08 16:53 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-05-24 22:08 - 2016-08-08 13:41 - 000000000 ____D C:\WINDOWS\system32\ipam
2018-05-24 22:08 - 2016-06-23 10:04 - 000000000 ____D C:\Program Files\Update Services
2018-05-24 22:05 - 2018-04-12 05:37 - 000000000 ____D C:\WINDOWS\Containers
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-24 22:05 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-24 22:05 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-24 22:05 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-24 22:05 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-24 22:05 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-24 22:05 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-24 22:05 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-24 22:05 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-24 22:05 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-24 22:05 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-24 22:05 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-24 22:05 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-24 21:59 - 2018-04-11 19:35 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2018-05-24 21:59 - 2018-04-11 19:35 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2018-05-24 21:59 - 2018-04-11 19:35 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2018-05-24 21:59 - 2018-04-11 19:35 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2018-05-24 21:59 - 2018-04-11 19:35 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2018-05-24 21:59 - 2018-04-11 19:35 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2018-05-24 21:59 - 2018-04-11 19:35 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2018-05-24 21:59 - 2018-04-11 19:35 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2018-05-24 21:59 - 2018-04-11 19:35 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2018-05-24 21:59 - 2018-04-11 19:35 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2018-05-24 21:59 - 2018-04-11 19:35 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2018-05-24 21:59 - 2018-04-11 19:35 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2018-05-24 21:59 - 2018-04-11 19:35 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2018-05-24 21:59 - 2018-04-11 19:35 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2018-05-24 21:59 - 2018-04-11 19:33 - 001777152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2018-05-24 21:59 - 2018-04-11 19:33 - 000759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wnv.sys
2018-05-24 21:59 - 2018-04-11 19:33 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-05-24 21:59 - 2018-04-11 19:33 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-05-24 21:59 - 2018-04-11 19:33 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2018-05-24 21:59 - 2018-04-11 19:33 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LxRun.exe
2018-05-24 21:59 - 2018-04-11 19:33 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2018-05-24 21:59 - 2018-04-11 19:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bash.exe
2018-05-24 21:59 - 2018-04-11 19:33 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsl.exe
2018-05-24 21:59 - 2018-04-11 19:33 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\nvspinfo.exe
2018-05-24 21:59 - 2018-04-11 19:33 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wnvapi.dll
2018-05-24 21:59 - 2018-04-11 19:33 - 000036768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxyHNic.sys
2018-05-24 21:59 - 2018-04-11 19:33 - 000033688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxy.sys
2018-05-24 21:59 - 2018-04-11 19:33 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll
2018-05-24 21:59 - 2018-04-11 19:33 - 000015768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxss.sys
2018-05-24 21:58 - 2018-04-11 19:33 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2018-05-24 21:58 - 2018-04-11 19:33 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wslconfig.exe
2018-05-24 21:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-24 21:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-24 21:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-24 21:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-24 21:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-24 21:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-24 21:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-24 21:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-24 21:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-05-24 21:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-24 14:38 - 2017-06-20 14:55 - 000000000 ____D C:\Users\mikea\AppData\LocalLow\Mozilla
2018-05-24 10:18 - 2017-07-14 15:28 - 000000000 ____D C:\Users\mikea\AppData\Local\GoToMeeting
2018-05-23 15:21 - 2016-06-21 21:13 - 000000000 ____D C:\Users\mikea\AppData\Roaming\KeePass
2018-05-23 13:39 - 2016-06-29 12:43 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-22 08:48 - 2016-07-18 09:27 - 000000000 ____D C:\Users\mikea\AppData\Local\CrashDumps
2018-05-21 20:49 - 2016-06-22 10:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-21 20:47 - 2017-10-10 20:25 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-21 20:47 - 2016-06-22 10:47 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-21 20:30 - 2009-07-13 22:34 - 000000478 _____ C:\WINDOWS\win.ini
2018-05-21 15:06 - 2018-03-01 12:57 - 000000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant Unlimited Edition 6.0
2018-05-21 15:06 - 2016-07-22 16:32 - 000001024 ____H C:\AMTAG.BIN
2018-05-21 15:05 - 2016-06-29 12:43 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-21 15:05 - 2016-06-29 12:43 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-21 15:04 - 2016-07-25 09:41 - 000000000 ____D C:\WINDOWS\amlog
2018-05-21 14:04 - 2016-07-25 09:37 - 000000984 _____ C:\WINDOWS\ampa.ini
2018-05-21 14:02 - 2017-11-24 15:00 - 000028672 _____ C:\WINDOWS\AMCPY2M
2018-05-21 11:00 - 2018-03-15 10:25 - 000001282 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2018-05-21 11:00 - 2018-03-01 12:57 - 000001367 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Unlimited Edition 6.0.lnk
2018-05-21 11:00 - 2017-12-04 15:49 - 000003693 _____ C:\Users\mikea\Desktop\infor.lnk
2018-05-21 11:00 - 2017-11-22 11:53 - 000001034 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-05-21 11:00 - 2017-09-25 13:23 - 000002261 _____ C:\Users\Public\Desktop\Cisco Jabber.lnk
2018-05-21 11:00 - 2017-06-01 10:18 - 000000915 _____ C:\Users\mikea\Desktop\HandBrake.lnk
2018-05-21 11:00 - 2017-05-31 15:30 - 000001235 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.8.lnk
2018-05-21 11:00 - 2017-04-03 15:29 - 000001940 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2018-05-21 11:00 - 2017-02-15 12:43 - 000002501 _____ C:\Users\mikea\Desktop\StaticIP.lnk
2018-05-21 11:00 - 2017-02-01 16:05 - 000000966 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-05-21 11:00 - 2017-01-27 16:22 - 000001630 _____ C:\Users\mikea\Desktop\UltraVNC.lnk
2018-05-21 11:00 - 2017-01-09 17:37 - 000001871 _____ C:\Users\mikea\Desktop\Screenpresso.lnk
2018-05-21 11:00 - 2016-12-29 10:39 - 000002612 _____ C:\Users\Public\Desktop\Cisco Network Assistant.lnk
2018-05-21 11:00 - 2016-12-13 16:39 - 000001828 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-05-21 11:00 - 2016-10-06 12:58 - 000001656 _____ C:\Users\mikea\Desktop\Export.lnk
2018-05-21 11:00 - 2016-10-06 12:41 - 000001535 _____ C:\Users\mikea\Desktop\SER Import.lnk
2018-05-21 11:00 - 2016-08-02 09:27 - 000001977 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-05-21 11:00 - 2016-07-06 10:42 - 000002239 _____ C:\Users\mikea\Desktop\Guides.lnk
2018-05-21 11:00 - 2016-06-29 12:48 - 000001401 _____ C:\Users\mikea\Desktop\Dropbox.lnk
2018-05-21 11:00 - 2016-06-28 11:50 - 000002529 _____ C:\Users\Public\Desktop\VMware vSphere Client.lnk
2018-05-21 11:00 - 2016-06-21 21:10 - 000000546 _____ C:\Users\mikea\Desktop\Shortcut to Personal.kdbx.lnk
2018-05-21 10:02 - 2016-08-02 09:27 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2018-05-21 09:54 - 2017-03-27 11:23 - 000000600 _____ C:\Users\mikea\AppData\Local\PUTTY.RND
2018-05-19 13:44 - 2016-09-30 12:56 - 000000000 ____D C:\Program Files (x86)\SysTools Split PST
2018-05-18 10:04 - 2017-08-28 10:49 - 000000000 ____D C:\Temp
2018-05-18 09:27 - 2016-06-21 21:31 - 000000000 ____D C:\Users\mikea\AppData\Roaming\TeamViewer
2018-05-17 13:52 - 2017-11-05 21:40 - 000000000 ____D C:\Users\mikea\Desktop\LOANS
2018-05-17 13:02 - 2016-12-16 12:20 - 000000000 ____D C:\ProgramData\PCDr
2018-05-17 11:20 - 2016-12-16 12:19 - 000000000 ____D C:\Program Files\Dell
2018-05-17 11:20 - 2016-09-01 12:37 - 000000000 ____D C:\Program Files (x86)\Clover
2018-05-16 16:44 - 2017-07-12 15:28 - 000000000 __SHD C:\Users\mikea\Downloads\$RECYCLE.BIN
2018-05-16 15:44 - 2017-07-30 22:29 - 000000259 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt
2018-05-16 15:33 - 2017-06-27 13:13 - 000000000 ____D C:\ProgramData\SupportAssist
2018-05-14 12:06 - 2016-06-29 12:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-11 18:17 - 2017-10-24 09:37 - 000000000 ____D C:\Users\mikea\Desktop\Cisco Documentation
2018-05-11 15:21 - 2017-06-01 10:18 - 000000000 ____D C:\Users\mikea\AppData\Roaming\HandBrake
2018-05-11 15:15 - 2017-09-15 10:02 - 000000000 ____D C:\Users\mikea\AppData\Roaming\dvdcss
2018-05-11 14:52 - 2017-02-01 16:06 - 000000000 ____D C:\Users\mikea\AppData\Roaming\vlc
2018-05-11 12:12 - 2018-04-13 13:07 - 000000228 _____ C:\Users\mikea\Desktop\csv yammah template.csv
2018-05-10 13:41 - 2017-04-03 15:47 - 000000000 ____D C:\Users\mikea\AppData\Roaming\ImgBurn
2018-05-08 11:16 - 2016-09-12 09:45 - 000000000 ___RD C:\Users\mikea\Dropbox
2018-05-07 23:52 - 2016-07-05 10:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-07 23:52 - 2016-07-05 10:20 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-06 23:44 - 2016-10-03 14:58 - 000000000 ____D C:\Users\mikea\AppData\Local\OutlookFreeware.com
2018-05-06 23:37 - 2016-10-10 15:34 - 000000000 ____D C:\Users\mikea\AppData\Local\ElevatedDiagnostics
2018-05-06 23:19 - 2017-12-22 13:31 - 000000000 ____D C:\Users\mikea\AppData\Local\Downloaded Installations
2018-05-04 15:17 - 2016-08-12 11:12 - 000002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-05-04 15:17 - 2016-08-12 11:12 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-05-04 15:17 - 2016-08-12 11:12 - 000002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-05-04 15:17 - 2016-08-12 11:12 - 000002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-05-04 12:28 - 2016-06-29 12:41 - 000000000 ____D C:\ProgramData\Adobe
2018-05-04 12:28 - 2016-06-29 12:41 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-05-04 12:23 - 2016-06-21 16:34 - 000000000 ____D C:\Users\mikea\AppData\Roaming\Adobe
2018-05-04 12:22 - 2016-06-29 12:39 - 000000000 ____D C:\Users\mikea\AppData\Local\Adobe
2018-05-04 12:21 - 2016-06-21 17:18 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-04 09:54 - 2017-11-16 15:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-04 09:54 - 2017-11-16 15:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-04 09:07 - 2016-06-21 19:05 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-04 08:52 - 2017-11-16 15:53 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-03 16:57 - 2016-07-29 14:47 - 000000000 ____D C:\Users\mikea\AppData\Local\Citrix
2018-05-03 10:49 - 2017-10-10 12:13 - 000001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover.lnk
2018-05-01 17:22 - 2018-04-11 19:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 17:22 - 2018-04-11 19:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-01 14:35 - 2016-08-17 13:21 - 000000000 ____D C:\Users\auxadmin\AppData\Local\TileDataLayer
2018-05-01 14:35 - 2016-06-22 14:29 - 000000000 ____D C:\Users\mikea\AppData\Local\TileDataLayer
2018-04-30 14:38 - 2016-08-02 10:36 - 000000000 ____D C:\Program Files (x86)\Java
2018-04-30 14:37 - 2016-08-02 10:36 - 000098760 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-04-30 14:36 - 2016-06-21 21:47 - 000000000 ____D C:\Users\mikea\AppData\Local\Intel
2018-04-30 14:35 - 2017-05-26 18:02 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-30 14:35 - 2016-06-21 16:27 - 000000000 ____D C:\ProgramData\Intel
 
==================== Files in the root of some directories =======
 
2017-07-28 14:17 - 2017-09-11 15:46 - 000662336 _____ (ForensiT Limited) C:\ProgramData\UserProfileMigrationService.exe
2017-07-31 12:18 - 2017-07-31 12:18 - 000021368 _____ (Schneider Electric) C:\Users\mikea\en_res.dll
2017-07-31 12:18 - 2017-07-31 12:18 - 000021368 _____ (Schneider Electric) C:\Users\mikea\es_res.dll
2017-07-31 12:18 - 2017-07-31 12:18 - 000021880 _____ (Schneider Electric) C:\Users\mikea\fr_res.dll
2017-07-31 12:18 - 2017-07-31 12:18 - 000021880 _____ (Schneider Electric) C:\Users\mikea\grm_res.dll
2017-07-31 12:18 - 2017-07-31 12:18 - 000021368 _____ (Schneider Electric) C:\Users\mikea\it_res.dll
2017-07-31 12:18 - 2017-07-31 12:18 - 000020344 _____ (Schneider Electric) C:\Users\mikea\jp_res.dll
2017-07-31 12:18 - 2017-07-31 12:18 - 001079808 _____ (Microsoft Corporation) C:\Users\mikea\mfc80u.dll
2017-07-31 12:18 - 2017-07-31 12:18 - 000626688 _____ (Microsoft Corporation) C:\Users\mikea\msvcr80.dll
2017-07-31 12:18 - 2017-07-31 12:18 - 013923704 _____ (Schneider Electric) C:\Users\mikea\PCPE Setup.exe
2017-07-31 12:18 - 2017-07-31 12:18 - 000021368 _____ (Schneider Electric) C:\Users\mikea\pt_res.dll
2017-07-31 12:18 - 2017-07-31 12:18 - 000018808 _____ () C:\Users\mikea\ResourceReader.dll
2017-07-31 12:18 - 2017-07-31 12:18 - 000020856 _____ (Schneider Electric) C:\Users\mikea\ru_res.dll
2017-07-31 12:18 - 2017-07-31 12:18 - 000019832 _____ (Schneider Electric) C:\Users\mikea\zh_res.dll
2017-03-27 10:08 - 2018-02-09 12:48 - 000000033 _____ () C:\Users\mikea\AppData\Roaming\AdobeWLCMCache.dat
2018-04-13 06:45 - 2018-04-13 06:45 - 004279968 _____ (NeoSoft Tools                                               ) C:\Users\mikea\AppData\Roaming\ctask.exe
2017-03-27 11:23 - 2018-05-21 09:54 - 000000600 _____ () C:\Users\mikea\AppData\Local\PUTTY.RND
2018-05-15 14:05 - 2018-05-15 14:05 - 000002234 _____ () C:\Users\mikea\AppData\Local\recently-used.xbel
2016-06-21 17:17 - 2018-03-08 10:27 - 000007602 _____ () C:\Users\mikea\AppData\Local\resmon.resmoncfg
2018-05-03 16:55 - 2018-05-03 16:55 - 000003072 _____ () C:\Users\mikea\AppData\Local\setupFixLCD.exe
2017-07-12 14:27 - 2017-09-21 15:27 - 000034988 _____ () C:\Users\mikea\AppData\Local\WinStudio.9.3.0.40.Profile
2017-09-22 09:05 - 2017-10-17 15:58 - 000043824 _____ () C:\Users\mikea\AppData\Local\WinStudio.9.3.0.41.Profile
2017-10-20 10:10 - 2017-11-16 12:12 - 000064192 _____ () C:\Users\mikea\AppData\Local\WinStudio.9.3.0.43.Profile
2017-11-17 11:04 - 2018-05-26 10:10 - 000060844 _____ () C:\Users\mikea\AppData\Local\WinStudio.9.3.0.44.Profile
2018-02-13 14:49 - 2018-03-15 12:56 - 000037640 _____ () C:\Users\mikea\AppData\Local\WinStudio.9.3.0.46.Profile
2018-05-16 10:23 - 2018-05-17 12:39 - 000013000 _____ () C:\Users\mikea\AppData\Local\WinStudio.9.3.0.49.Profile
 
Some files in TEMP:
====================
2018-05-25 16:40 - 2018-05-25 16:40 - 000000000 _____ () C:\Users\mikea\AppData\Local\Temp\6xc9uqgw.dll
2018-05-25 12:27 - 2018-05-25 12:27 - 000000000 _____ () C:\Users\mikea\AppData\Local\Temp\eyfex059.dll
2018-05-28 09:26 - 2018-05-28 09:26 - 000000000 _____ () C:\Users\mikea\AppData\Local\Temp\rbaiu4c9.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-24 22:16
 
==================== End of FRST.txt ============================
 



 


#2 iker42

  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:01:16 PM

Posted 28 May 2018 - 11:17 AM

Additional.txt Log
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by MikeA (28-05-2018 11:57:36)
Running from C:\Users\mikea\Downloads
Windows 10 Pro Version 1803 17134.81 (X64) (2018-05-25 02:24:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-2610945501-345368819-4197096684-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2610945501-345368819-4197096684-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2610945501-345368819-4197096684-503 - Limited - Disabled)
Guest (S-1-5-21-2610945501-345368819-4197096684-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2610945501-345368819-4197096684-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{7565710A-C97D-44A4-A030-768957F9F2C1}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{F3B4320C-C72B-46B3-96D7-0C38E37388B8}) (Version: 2.8.0.7 - Intel) Hidden
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Administrative Templates (.admx) for Windows 10 April 2018 Update (HKLM-x32\...\{87D6D39E-AB82-4EB7-9709-3991B07002EB}) (Version: 1.0 - Microsoft Corporation)
Administrative Templates (.admx) for Windows 10 Fall Creators Update (HKLM-x32\...\{4EB5CC28-4B50-4EE5-A24A-725C4714EFE9}) (Version: 1.0 - Microsoft Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
AOMEI Backupper Standard Beta (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Unlimited Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D0}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{FBB43A99-0B72-461A-A6D2-2F1B54D36B69}) (Version: 66.0.3359.12 - Google Inc.)
Cisco Jabber (HKLM-x32\...\{887662F8-018B-45F3-A332-92753EDBF066}) (Version: 11.9.1.55716 - Cisco Systems, Inc)
Cisco Network Assistant (HKLM-x32\...\{397FF711-8BD9-4388-ADFC-2A878B83F018}) (Version: 6.3(1) - Cisco Systems, Inc)
Cisco WebEx Meetings (HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Clover V3.4 (HKLM-x32\...\Clover) (Version: 3.4.3.04081 - 易捷科技)
Dell SupportAssist (HKLM\...\{122666A9-2995-4E47-A75E-6423A827B7AF}) (Version: 2.2.0.253 - Dell Inc.)
Dia (remove only) (HKLM-x32\...\Dia) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 50.4.71 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Duet Display (HKLM\...\{B9D777DC-1130-4D6F-B274-A94488E31A2D}) (Version: 1.5.1.5 - Kairos) Hidden
Duet Display (HKLM\...\Duet Display 1.5.1.5) (Version: 1.5.1.5 - Kairos)
DWGSee Pro 2018 (HKLM-x32\...\{A1E00A4C-1463-4F7D-B62C-431ADC45EB15}) (Version: 4.75 - AutoDWG)
FileZilla Client 3.33.0 (HKLM-x32\...\FileZilla Client) (Version: 3.33.0 - Tim Kosse)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToMeeting 8.28.0.8847 (HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\GoToMeeting) (Version: 8.28.0.8847 - LogMeIn, Inc.)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
iExplorer (HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\2ee35ebaf226322a) (Version: 4.1.19.0 - Macroplant LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Infor CloudSuite Industrial 9.01.00 Smart Client US (HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\b864876186260c79) (Version: 9.1.0.12 - Infor)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 22.3 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.5.1025 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{b480f6cc-fa56-482b-b0a3-49d69a32db6d}) (Version: 2.8.0.7 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
Lexmark Universal v2 Print Driver (HKLM\...\{56E01EDA-F7E4-4AB3-A85E-B1CEBAC185CD}) (Version: 2.10.0.0 - Lexmark International, Inc.)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8627.1 - Waves Audio Ltd.) Hidden
Microsoft Office Standard 2016 (HKLM\...\Office16.STANDARD) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual FoxPro 5.0 (HKLM-x32\...\VisualFoxPro.5) (Version:  - )
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Mozilla Firefox 59.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.3 (x64 en-US)) (Version: 59.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PDFTK Builder 3.9.4 (HKLM-x32\...\PDFTK Builder_is1) (Version:  - )
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6111 - Realtek Semiconductor Corp.)
Screenpresso (HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\Screenpresso) (Version: 1.7.1.0 - Learnpulse)
Stardock Start10 (HKLM-x32\...\Stardock Start10) (Version: 1.60 - Stardock Software, Inc.)
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
UltraVnc (HKLM\...\{6A610E34-8CAD-4BDD-9804-08170C3EE2F7}) (Version: 1.2.12 - uvnc bvba)
Update for Skype for Business 2016 (KB4018367) 64-Bit Edition (HKLM\...\{90160000-0012-0000-1000-0000000FF1CE}_Office16.STANDARD_{EFCDE8C5-CE14-4F4A-87AF-83D5E3BA2E52}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4018367) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.STANDARD_{EFCDE8C5-CE14-4F4A-87AF-83D5E3BA2E52}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Client Integration Plug-in 6.0.0 (HKLM-x32\...\{77FA2803-0DA1-4769-8228-769FFC856B29}) (Version: 6.0.0.3279 - VMware, Inc.)
VMware Remote Console (HKLM-x32\...\{128F988F-9208-4EEF-BF69-45992AC31AC0}) (Version: 10.0.1 - VMware, Inc.)
VMware vSphere Client 6.0 (HKLM-x32\...\{593390AC-CACE-4278-AA77-350012BF10B1}) (Version: 6.0.0.5505 - VMware, Inc.)
VMware Workstation (HKLM\...\{0F2CF138-26A5-4C91-AE15-D935B5EB369E}) (Version: 12.5.9 - VMware, Inc.)
VNC Viewer 5.3.2 (HKLM\...\{F10020E5-D194-469E-B494-DDCE5D76A3A0}) (Version: 5.3.2.19179 - RealVNC Ltd)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Driver Package - Lexmark International Printer  (01/09/2016 2.12.0.0) (HKLM\...\CF70542840D1DF04D2D372F2914C05BE7144EA27) (Version: 01/09/2016 2.12.0.0 - Lexmark International)
Windows Driver Package - Lexmark International Printer  (10/01/2015 2.10.0.0) (HKLM\...\EA4110D3BD9960C2CDFB04F933D8362A3F7FA34F) (Version: 10/01/2015 2.10.0.0 - Lexmark International)
WinRAR 5.60 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.3 - win.rar GmbH)
WonderFox DVD Ripper (Speedy)  9.7 (HKLM-x32\...\WonderFox DVD Ripper (Speedy) ) (Version: 9.7 - WonderFox Soft, Inc.)
YoutubeMovieMaker (HKLM\...\{543D2D61-3E3D-4CAD-A39A-B40D7E0911DB}) (Version: 17.07 - Youtube Movie Maker)
ZOOK OST to PST Converter (HKLM-x32\...\ZOOK OST to PST Converter_is1) (Version:  - ZOOK)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-12-05] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2018\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-29] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-29] (Alexander Roshal)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2018-01-08] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2018-01-08] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igfxDTCM.dll [2018-03-22] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-29] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-29] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A663A13-0ADA-4DB8-9471-97561A6B49D1} - System32\Tasks\File Cleanup => D:\Batch Files\Cleanup.bat [2018-05-18] () <==== ATTENTION
Task: {0BA68D31-4110-4680-BBE3-491C2F9B3195} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {2979C937-8250-47B4-ACCE-E168569C8BD6} - System32\Tasks\G2MUpdateTask-S-1-5-21-166812146-971143260-1179000955-2659 => C:\Users\mikea\AppData\Local\GoToMeeting\8847\g2mupdate.exe [2018-05-24] (LogMeIn, Inc.)
Task: {461C5DD8-6901-4FA6-BE26-F8B4EAA20E95} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
Task: {520F2AB6-DEB8-47FC-B645-C1BA050DB44B} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {5707A7AC-6778-4CF5-8B30-1769A1705ACA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {5F50678B-4AC4-443D-9E1E-47BBBA4F320F} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {63214305-C750-4762-AAA1-4CD65EFF47EF} - System32\Tasks\G2MUploadTask-S-1-5-21-166812146-971143260-1179000955-2659 => C:\Users\mikea\AppData\Local\GoToMeeting\8847\g2mupload.exe [2018-05-24] (LogMeIn, Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {692FD367-43C5-435E-B029-C7A0F5D26697} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {7354AF55-755A-4B73-9FD1-3BC2AAB641FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-21] (Google Inc.)
Task: {757FF666-23C8-4B57-8250-F5D1BEA56254} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {7663A4C7-1BB7-428C-AFA2-678F73C4BB4A} - System32\Tasks\AdobeAAMUpdater-1.0-GREENELL-MikeA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {78955F3B-CA05-4F85-81D9-06576B59835D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7E328C46-E486-499E-96EE-B866D458A7EB} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [2018-04-11] (Microsoft Corporation)
Task: {83BB2BCA-B40C-42FD-98CA-678E016CF8A9} - System32\Tasks\DuetUpdater => C:\Program Files\Kairos\Duet Display\DuetUpdater.exe [2018-03-21] (Kairos)
Task: {85A0DFC7-BA85-4426-8BBF-AF2423190A82} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {8614EEB7-80BE-4F4B-B481-B6EB2729D0AC} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-166812146-971143260-1179000955-2659
Task: {8D039C9F-E313-49C3-A41F-8DB2F412944F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {922E0647-24D8-4BC3-B6B2-F2DDBCCE7926} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {92B2DDB7-C65F-4E7D-9EB0-97ED7CC2F49F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A289D6D7-01A3-4187-B2A5-BC92E309910D} - System32\Tasks\AdobeGCInvoker-1.0-GREENELL-MikeA => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {A42BC6D9-FE58-4CEC-999F-A9EE5FE8664C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A4DBD46E-4CEC-43C8-B82E-AFB198882AB1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B2A09E51-03FE-48D0-BC67-D583096D9636} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {B43CC687-EAB6-45D7-AA6B-38A61F1726BA} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\mikea\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B8129A07-5C05-430C-8E74-D6FE3B10DBFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B8D4CA3F-5178-41EC-8499-6F8172C638F7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C116058B-B6A0-4503-9A9B-C4404A43631D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C552AEE2-D68B-44DA-82AA-7307EBCE0DE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {CE9CDAFF-11C8-42CF-8B94-C6EE38001548} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {D2A6CE1E-ADC3-4625-9CFB-5944F7D3414C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-29] (Dropbox, Inc.)
Task: {D50AFC9A-C73B-4759-BAF1-244623E03B36} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {DE513C8F-A125-485C-9481-5E5B6D63DCBC} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [2018-04-11] (Microsoft Corporation)
Task: {EEF9FDA9-EA3C-4EDA-979D-5BC014F66A23} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {F3AE30B7-D46F-4FA8-B2D5-41FE65EEE4A4} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-05-11] (Dell Inc.)
Task: {F41224A4-2980-4794-91F8-FE8FB0EBC93F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-29] (Dropbox, Inc.)
Task: {FC0B2528-EC34-44E4-85CB-6203A176FB39} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2017-03-30] ()
Task: {FC793AFB-59C1-432A-A404-D8E9D9C5ACC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-21] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-166812146-971143260-1179000955-2659.job => C:\Users\mikea\AppData\Local\GoToMeeting\8847\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-166812146-971143260-1179000955-2659.job => C:\Users\mikea\AppData\Local\GoToMeeting\8847\g2mupload.exe
Task: C:\WINDOWS\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\mikea\Desktop\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\mikea\Desktop\CloudTrax.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=akbnongdneingfbddlhihjgokjcpdidn
ShortcutWithArgument: C:\Users\mikea\Desktop\cPanel.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ablhdjboaniefejbodoachlgadjnkced
ShortcutWithArgument: C:\Users\mikea\Desktop\CUC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ceeanidgeajbboaocdocpnpnnplmbbdh
ShortcutWithArgument: C:\Users\mikea\Desktop\CUCM.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=papjedcglkgolepjoblmecoghncpbmhf
ShortcutWithArgument: C:\Users\mikea\Desktop\Skedda.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dlhlaejehkjfinjdlpiegklmoanianip
ShortcutWithArgument: C:\Users\mikea\Desktop\Teamwork.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hikiaheobklndbeljgccmmpekhaljeij
ShortcutWithArgument: C:\Users\mikea\Desktop\Umbrella.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ngeekmlhhppadhibcemgbkmckompalll
ShortcutWithArgument: C:\Users\mikea\Desktop\vSphere.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hinfghlknhookbpkababcpfpbjcflgpl
ShortcutWithArgument: C:\Users\mikea\Desktop\WHM.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbleollflnencaenekbbacgkbebookfd
ShortcutWithArgument: C:\Users\mikea\Desktop\WMMR.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bjpmocjdkfnmkmeafadlmhoghmkeiekd
ShortcutWithArgument: C:\Users\mikea\Desktop\Yammer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=laipjomfabglokiemfjfcpnbggfafegg
ShortcutWithArgument: C:\Users\mikea\Desktop\Zoho.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nmhfemjfjakdbjnaljcbohpdliggdgnm
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\CloudTrax.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=akbnongdneingfbddlhihjgokjcpdidn
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\cPanel.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ablhdjboaniefejbodoachlgadjnkced
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\CUC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ceeanidgeajbboaocdocpnpnnplmbbdh
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\CUCM.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=papjedcglkgolepjoblmecoghncpbmhf
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Skedda.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dlhlaejehkjfinjdlpiegklmoanianip
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Teamwork.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hikiaheobklndbeljgccmmpekhaljeij
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Umbrella (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ngeekmlhhppadhibcemgbkmckompalll
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Umbrella.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ngeekmlhhppadhibcemgbkmckompalll
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\vSphere.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hinfghlknhookbpkababcpfpbjcflgpl
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WHM.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbleollflnencaenekbbacgkbebookfd
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WMMR.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bjpmocjdkfnmkmeafadlmhoghmkeiekd
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Yammer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=laipjomfabglokiemfjfcpnbggfafegg
ShortcutWithArgument: C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoho.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nmhfemjfjakdbjnaljcbohpdliggdgnm
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-17 02:28 - 2016-11-17 02:28 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-07 23:52 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-07 23:52 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2018-01-08 23:20 - 2018-01-08 23:20 - 012443624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2018-05-16 15:35 - 2018-05-16 15:35 - 002587976 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1111\libprotobuf.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-05-07 04:53 - 2018-05-07 04:53 - 000054440 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-11 19:35 - 2018-04-12 05:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 13:28 - 2017-01-11 13:28 - 000503808 _____ () C:\WINDOWS\SYSTEM32\turbojpeg.dll
2018-04-12 05:24 - 2018-04-12 05:24 - 000475136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-04-12 05:24 - 2018-04-12 05:24 - 023358976 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-04-12 05:24 - 2018-04-12 05:24 - 015622144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-04-12 05:24 - 2018-04-12 05:24 - 003101696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-04-12 05:24 - 2018-04-12 05:24 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-15 17:46 - 2018-05-14 23:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-15 17:46 - 2018-05-14 23:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000966512 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000335720 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2018-04-30 12:47 - 2018-02-10 19:58 - 000106344 _____ () C:\Program Files (x86)\AOMEI Backupper\Amnet.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000266088 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000499560 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000040816 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000057200 _____ () C:\Program Files (x86)\AOMEI Backupper\NTHelp.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000081776 _____ () C:\Program Files (x86)\AOMEI Backupper\NTLog.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000139112 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000352112 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000081776 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2018-04-30 12:47 - 2015-05-21 14:32 - 002403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000089960 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000073584 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000298864 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000982896 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000027496 _____ () C:\Program Files (x86)\AOMEI Backupper\NTSQLite.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000339824 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000130928 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000175984 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000114536 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000266088 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2018-04-30 12:47 - 2018-02-10 19:59 - 000188272 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2017-10-10 12:13 - 2018-05-16 09:51 - 000735592 _____ () c:\program files (x86)\clover\cloversvc.dll
2018-01-08 23:20 - 2018-01-08 23:20 - 000173032 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2018-01-08 23:20 - 2018-01-08 23:20 - 000396776 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2018-01-08 23:20 - 2018-01-08 23:20 - 000126440 _____ () C:\Program Files (x86)\VMware\VMware Workstation\expat.dll
2017-11-09 01:44 - 2017-11-09 01:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-09-25 10:23 - 2017-09-25 10:23 - 000127576 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\csflogger.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000484440 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\ServicesFramework.dll
2017-09-25 10:25 - 2017-09-25 10:25 - 000791640 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\wcl_dll.DLL
2017-09-25 10:24 - 2017-09-25 10:24 - 001260632 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libxml2.dll
2017-09-25 10:23 - 2017-09-25 10:23 - 000345176 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\JCFCoreUtils.dll
2017-09-25 10:23 - 2017-09-25 10:23 - 000112728 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\HttpDownloader.dll
2017-09-25 10:23 - 2017-09-25 10:23 - 001415768 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\csfnetutils.dll
2017-09-25 10:25 - 2017-09-25 10:25 - 000059480 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\SystemMonitor.dll
2017-09-25 10:23 - 2017-09-25 10:23 - 000071768 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\csfdiagnostics.dll
2017-09-25 10:23 - 2017-09-25 10:23 - 000145496 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\dnsutils.dll
2017-09-25 10:23 - 2017-09-25 10:23 - 000224856 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\csfstorage.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000966232 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\PluginRuntime.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000023640 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\PluginResources.dll
2017-09-25 10:23 - 2017-09-25 10:23 - 000310872 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\ceb.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000739416 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\PluginUtils.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000697944 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\ConfigService\ConfigService.dll
2017-09-25 10:28 - 2017-09-25 10:28 - 004494936 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\SystemService\SystemService.dll
2017-09-25 10:28 - 2017-09-25 10:28 - 000590424 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\TelemetryService\TelemetryService.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000659544 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\DesktopShareService\DesktopShareService.dll
2017-09-25 10:28 - 2017-09-25 10:28 - 004074584 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\TelephonyService\TelephonyService.dll
2017-09-25 10:22 - 2017-09-25 10:22 - 000035928 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CDMWrapper.dll
2017-09-25 10:23 - 2017-09-25 10:23 - 000400472 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CommunicationsDeviceManager.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000390232 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\srtp.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000933464 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxypmp.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 001230936 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxypme.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000966232 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxytaf.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000020568 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxybase.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 001585752 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libmari.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 002047064 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libtaf.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000061016 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstinterfaces-0.10-0.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 009703512 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libpme.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000668248 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstreamer-0.10-0.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000037976 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libtaah264codecbase.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000021080 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\logitech-vt3fix.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000076376 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstvideo-0.10-0.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000080984 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstrtp-0.10-0.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000046168 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstapp-0.10-0.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000197720 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstaudio-0.10-0.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000285784 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstbase-0.10-0.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000113752 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstpbutils-0.10-0.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 006532184 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\IMPresenceServices\IMPresenceServices.dll
2017-09-25 10:23 - 2017-09-25 10:23 - 001142872 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\csfcommunicationhistory.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000399448 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libexpatw.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000648280 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\ConversationService\ConversationService.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000047704 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\outlook-recordsource-sink.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000248920 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\LoggerService\LoggerService.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 002704984 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\ExchangeService\ExchangeService.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000234072 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\DiagnosticsToolPlugin\DiagnosticsToolPlugin.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000272472 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\JabberUpgradePlugin\JabberUpgradePlugin.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000602712 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\ConversationWindowPlugin\ConversationWindowPlugin.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000071768 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\PresenceConnectorPlugin\PresenceConnectorPlugin.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000106072 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\ScreenCapture.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 003110488 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\TelephonyPlugin\TelephonyPlugin.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000626776 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\TelephonyRuntime\TelephonyRuntime.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000758872 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\TelephonyDeviceSelectionPlugin\TelephonyDeviceSelectionPlugin.dll
2017-09-25 10:25 - 2017-09-25 10:25 - 000090200 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\VoiceMailPlayback.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000284248 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\CallsTab\CallsTab.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 001042008 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\PresenceAreaPlugin\PresenceAreaPlugin.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000281688 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\SoundTab\SoundTab.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000278616 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\HuntGroupCallPickupPlugin\HuntGroupCallPickupPlugin.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 002445400 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\JabberMeetingPlugin\JabberMeetingPlugin.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000125528 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\TelephonyPhoneModePlugin\TelephonyPhoneModePlugin.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000639064 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\MediaDeviceService\MediaDeviceService.dll
2017-09-25 10:28 - 2017-09-25 10:28 - 002038360 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\VoicemailService\VoicemailService.dll
2017-09-25 10:27 - 2017-09-25 10:27 - 000425560 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\CommunicationHistoryService\CommunicationHistoryService.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000226904 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstcoreelements.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000032344 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstvolume.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000137304 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstcontroller-0.10-0.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000074328 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstaudioconvert.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000053336 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstvideotestsrc.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000190040 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstffmpegcolorspace.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000100952 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstvideoscale.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000055384 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstudp.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000019032 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstnetbuffer-0.10-0.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000029272 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstlevel.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000199256 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstrtpmanager.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000281688 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstrtp.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000026712 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstalaw.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000023640 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstmulaw.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000052824 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstwavparse.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000050776 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstriff-0.10-0.dll
2017-09-25 10:24 - 2017-09-25 10:24 - 000143960 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgsttag-0.10-0.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000069720 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstvideobox.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000041560 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstliveadder.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000833112 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstopus.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000030808 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstrtpmux.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000050776 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstdtmf.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000067160 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstwinks.dll
2017-09-25 10:26 - 2017-09-25 10:26 - 000044632 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstwinscreencap.dll
2017-05-08 11:37 - 2017-05-08 11:37 - 003183568 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\accessories\Logitech\LogiUCPluginForCisco\lucpcisco.dll
2017-07-20 00:21 - 2017-07-20 00:21 - 000798264 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\MeetingSDK\JabberMeeting.dll
2017-07-20 00:21 - 2017-07-20 00:21 - 000148536 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\MeetingSDK\Mconhelp.dll
2017-07-20 00:21 - 2017-07-20 00:21 - 000382520 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\MeetingSDK\TriSMD.dll
2017-07-20 00:21 - 2017-07-20 00:21 - 000320568 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\MeetingSDK\ConOI.dll
2017-07-20 00:21 - 2017-07-20 00:21 - 000297528 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\MeetingSDK\EmbeddedBrowser.dll
2018-05-23 13:38 - 2018-05-21 13:06 - 000847688 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-05-23 13:38 - 2018-05-21 13:06 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-05-08 19:09 - 2018-05-21 13:09 - 000021328 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000022384 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000135656 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 001881448 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:06 - 000111576 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-05-08 19:09 - 2018-05-21 13:06 - 000103392 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000065880 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000079688 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:06 - 000399832 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-05-08 19:09 - 2018-05-21 13:06 - 000024544 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000043496 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:06 - 000021472 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000124896 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000114664 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:09 - 000392024 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:10 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000024552 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000175584 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000024544 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000026080 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000048616 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000057824 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:10 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000023392 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:09 - 000069992 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:10 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:09 - 003865936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000082384 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 001800528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 001960272 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:09 - 000155480 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000521552 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:09 - 000051032 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000043352 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:09 - 000130896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:09 - 000220504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000205144 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000060896 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:10 - 000056160 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000024040 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:10 - 000024424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:10 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:10 - 000022376 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:10 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000028016 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:06 - 000348128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:09 - 000101712 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:10 - 000024432 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:06 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-05-23 13:38 - 2018-05-21 13:08 - 000034152 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:06 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-05-08 19:09 - 2018-05-21 13:10 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-05-08 19:09 - 2018-05-21 13:09 - 000031584 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-05-23 13:38 - 2018-05-21 13:08 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-05-23 13:38 - 2018-05-21 13:06 - 014419416 _____ () C:\Program Files (x86)\Dropbox\Client\opengl32sw.dll
2018-05-08 19:09 - 2018-05-21 13:09 - 000090472 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp35-win32.pyd
2018-05-08 19:09 - 2018-05-21 13:10 - 000026984 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000546640 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-05-23 13:38 - 2018-05-21 13:08 - 000359760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\mikea\Desktop\SpaceSniffer.exe:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2018-05-04 08:36 - 000000912 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1    vmware-localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-166812146-971143260-1179000955-2659\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 10.0.0.7 - 10.0.0.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\StartupApproved\Run: => "iFunBox"
HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\StartupApproved\Run: => "com.squirrel.slack.slack"
HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\StartupApproved\Run: => "ovilfm"
HKU\S-1-5-21-166812146-971143260-1179000955-2659\...\StartupApproved\Run: => "applebaum"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1116CBB9-CECA-4C65-AD5C-71DBC8DC0255}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{D8792386-B10C-4315-A1A4-7C6C96A0EC0F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C949F9A9-B36A-4822-A4F8-29CDFB9C3E3B}] => (Allow) C:\Program Files\Kairos\Duet Display\duet.exe
FirewallRules: [{8110ECFC-BE10-4827-86CD-44890387D3F9}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1B117F09-731A-4F86-8297-EB59D4C54512}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
FirewallRules: [{D0A64683-2117-4DD1-8122-C3B305A6E00A}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
FirewallRules: [{CC852A78-F1D7-4149-BC32-7F3AB03D6E81}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
FirewallRules: [{1EC9D24F-D0FE-41EB-9BD2-0BF61133F5BB}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
FirewallRules: [{31057240-D8D4-43F9-A337-B65FFD336973}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CDC49474-8096-4E60-AEBF-D0A38F5D3BD8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0F203FAF-27C8-47F1-B617-69D652D6461A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4ACD72E9-1B9B-44BC-B8FE-AF512C1421A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2BF27546-D9EC-4DAA-B220-614E309E5AAC}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
FirewallRules: [{76E22B77-D8A6-401F-B35F-3AA2482B855D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DAB17C33-CF3A-4767-AC5E-698D0F7081E3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{ABCF3ADB-8856-4B8A-9722-76D3F73A49B0}C:\program files\kairos\duet display\duet.exe] => (Allow) C:\program files\kairos\duet display\duet.exe
FirewallRules: [TCP Query User{680232AE-C787-4AD0-85A4-1FB10E273E85}C:\program files\kairos\duet display\duet.exe] => (Allow) C:\program files\kairos\duet display\duet.exe
FirewallRules: [{2175DBCA-4A23-42DB-A75D-29BBFD9E6AF2}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{DD186FA7-0C13-4D11-88C3-9ABF9B3943C0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{C5B061B7-9612-4900-8488-5D4E0223D02B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{C6A7F686-08F4-457B-B939-A4AC84F91BEE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [DNS Server Forward Rule - UDP - a675a0cc-5ac7-4a21-ba2d-4fa5dbd81099 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - a675a0cc-5ac7-4a21-ba2d-4fa5dbd81099 - 0] => (Allow) LPort=53
FirewallRules: [UDP Query User{36E0314C-8212-44D7-B443-E0A7511CFCD4}C:\program files (x86)\cisco systems\cisco jabber\ciscojabber.exe] => (Allow) C:\program files (x86)\cisco systems\cisco jabber\ciscojabber.exe
FirewallRules: [TCP Query User{24E3E9D9-CADE-449A-A480-FCF328EBB2F5}C:\program files (x86)\cisco systems\cisco jabber\ciscojabber.exe] => (Allow) C:\program files (x86)\cisco systems\cisco jabber\ciscojabber.exe
FirewallRules: [UDP Query User{E3CB2645-3F8D-4662-BE6A-F273FAD3754D}C:\users\mikea\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\mikea\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{C6FE3FB6-B1D0-4DF5-BEBC-58B2E77854FB}C:\users\mikea\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\mikea\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{43BF389E-6E41-453A-BD35-5832E9B7333B}C:\program files (x86)\cisco systems\cisco jabber\ciscojabber.exe] => (Allow) C:\program files (x86)\cisco systems\cisco jabber\ciscojabber.exe
FirewallRules: [TCP Query User{726504FC-96D1-41AC-A849-BF5918B058E8}C:\program files (x86)\cisco systems\cisco jabber\ciscojabber.exe] => (Allow) C:\program files (x86)\cisco systems\cisco jabber\ciscojabber.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
 
==================== Restore Points =========================
 
25-05-2018 10:21:50 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/28/2018 11:52:19 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (05/28/2018 11:52:19 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (05/28/2018 11:52:19 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (05/28/2018 11:52:14 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (05/28/2018 11:50:49 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (05/28/2018 11:50:15 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (05/28/2018 10:45:43 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
Error: (05/28/2018 10:45:42 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.
 
 
System errors:
=============
Error: (05/28/2018 11:52:06 AM) (Source: DCOM) (EventID: 10016) (User: GREENELL)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user GREENELL\MikeA SID (S-1-5-21-166812146-971143260-1179000955-2659) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/28/2018 10:41:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/28/2018 10:41:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/28/2018 09:27:29 AM) (Source: DCOM) (EventID: 10010) (User: GREENELL)
Description: The server Windows.Media.Capture.Internal.AppCaptureShell did not register with DCOM within the required timeout.
 
Error: (05/28/2018 09:27:09 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the GameDVR and Broadcast User Service_93652 service, but this action failed with the following error: 
The specified service has been marked for deletion.
 
Error: (05/28/2018 09:27:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameDVR and Broadcast User Service_93652 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.
 
Error: (05/28/2018 09:27:04 AM) (Source: DCOM) (EventID: 10010) (User: GREENELL)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (05/28/2018 09:27:04 AM) (Source: DCOM) (EventID: 10010) (User: GREENELL)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 36%
Total physical RAM: 16268.08 MB
Available physical RAM: 10275.3 MB
Total Virtual: 32652.08 MB
Available Virtual: 25969.54 MB
 
==================== Drives ================================
 
Drive c: (System) (Fixed) (Total:146.96 GB) (Free:63.4 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Store) (Fixed) (Total:329.09 GB) (Free:125.4 GB) NTFS
Drive h: () (Network) (Total:48.52 GB) (Free:24.13 GB) 
Drive q: (Data) (Network) (Total:99.87 GB) (Free:73.54 GB) NTFS
Drive u: () (Network) (Total:99.77 GB) (Free:24.45 GB) 
Drive v: (CUCM) (Network) (Total:122.65 GB) (Free:87.88 GB) NTFS
Drive w: () (Network) (Total:50 GB) (Free:17.66 GB) 
Drive x: () (Network) (Total:85 GB) (Free:79.72 GB) 
Drive y: () (Network) (Total:34.99 GB) (Free:16.73 GB) 
Drive z: (MIS) (Network) (Total:862.26 GB) (Free:386.73 GB) NTFS
 
\\?\Volume{4a835958-0000-0000-0080-620377000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{4a835958-0000-0000-0060-e51f77000000}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 4A835958)
Partition 1: (Not Active) - (Size=329.1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=147 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#3 iker42


Posted 01 June 2018 - 07:30 PM

Not to be that guy but did this get looked at?

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots

Posted 02 June 2018 - 11:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/678253 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 iker42


Posted 02 June 2018 - 11:19 AM

Here are updated FRST and Additional logs




#6 Android8888

Android8888

  • Malware Response Team

Posted 06 June 2018 - 05:57 AM

Hello iker42 and welcome to Bleeping Computer Forums.

Sorry for the late reply.
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.

 

 

You have some applications installed that if not used with caution might allow someone to have remote access to your computer and compromise your data.
Please let me know if you are aware of the following programs installed on your computer:

Chrome Remote Desktop Host (allows remote access)
Private Internet Access Support Files (this is related to a VPN)
TeamViewer (allows remote access)
UltraVnc (allows remote access)

Note: If you know and used them, I strongly suggest you use strong passwords in all of them.
How To Create a Strong Password

 

 

Now, please proceed with the instructions below in the order listed.

Follow the instructions to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file in the bottom of this post, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;

 

Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both 'On' and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.

 

Next,

  • Download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Click on the blue button 'I AGREE';
  • Click on the Scan Now button;
  • Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;
  • Click on the Clean & Restart Now button;
  • After the restart, a log will open when logging in. Please attach that log in your next reply.

 

To summarize, please attach the requested logs:

Fixlog.txt;
Malwarebytes log.
AdwCleaner clean log;

 

Do you know the programs I listed at the beginning of this post?

Let me know in detail what issues or concerns you still have with this computer.

 

 

Thank you.

Android8888



Proud graduate of SpywareInfo

Member of UNITE - Unified Network of Instructors and Trusted Eliminators

Website: http://android8888.comlu.com

Tavira - Here's where I live!


#7 iker42


Posted 06 June 2018 - 06:13 PM

Thanks for the reply! 

Regarding the programs on your list. Yes, I am aware of and use all of the listed. All are pw protected and also have been present for a few years now so I am inclined to believe they are safe. 

 

Attached are the requested logs. 

 

First, the FRST tool was running while my computer crashed earlier, however I reran it and it looks to have finished properly (and cleared the first set of files in the earlier run)



Edited by iker42, 06 June 2018 - 06:15 PM.


#8 Android8888


Posted 07 June 2018 - 08:39 AM

Hello iker42 and thank you for the logs.

Alright, let's run a scan with RogueKiller.

Please download RogueKiller_portable64.exe by Tigzy and save it to your computer Desktop.

  • Now close all programs and Internet browsers and disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the file RogueKiller_portable64.exe and select Run as administrator to start the tool.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Once the tool is open, click the 'Scan' tab menu and then click the Start Scan button.
  • Wait until the scan has finished. Note: This scan may take some time to complete;
  • Warning: Do NOT remove any entry it found. They may not all be malicious and need to be carefully analyzed.
  • Once finished the results will be displayed. Click on the Open Report button. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop.
  • Close RogueKiller.

Please copy and paste the contents of RKlog.txt to your next reply.

How is the system running at this point?

Android8888


Edited by Android8888, 07 June 2018 - 08:39 AM.



#9 iker42


Posted 07 June 2018 - 09:19 AM

Here is the Roguekiller log. 
System performance is good. It has really just been the two account intrusions that seemingly bypassed all new access security. I have not had a security incident since the date of this first post, but I am not convinced there isn't still a bug.


 

RogueKiller V12.12.20.0 (x64) [Jun  4 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : MikeA [Administrator]
Started from : C:\Users\mikea\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 06/07/2018 09:49:53 (Duration : 00:26:16)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 15 ¤¤¤
[Adw.Softcnapp] (X64) HKEY_CLASSES_ROOT\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} (C:\Program Files (x86)\Clover\TabHelper64.dll) -> Found
[Adw.Softcnapp] (X64) HKEY_LOCAL_MACHINE\Software\Clover -> Found
[Adw.Softcnapp] (X86) HKEY_LOCAL_MACHINE\Software\Clover -> Found
[Adw.Softcnapp] (X64) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Clover -> Found
[Adw.Softcnapp] (X86) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Clover -> Found
[Adw.Softcnapp] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Clover -> Found
[Adw.Softcnapp] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} (C:\Program Files (x86)\Clover\TabHelper64.dll) -> Found
[Adw.Softcnapp] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} (C:\Program Files (x86)\Clover\TabHelper64.dll) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e324d560-50f6-4fbd-9892-25b85f20eb19} | NameServer : 10.0.0.7,10.0.0.8 ([][])  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 13 ¤¤¤
[Tr.Gen0][File] C:\Users\mikea\Desktop\UltraVNC.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVnc\VNCVIE~1.EXE -> Found
[Tr.Gen0][File] C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVNC.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVnc -> Found
[Adw.Softcnapp][File] C:\Users\mikea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Clover.lnk [LNK@] C:\PROGRA~2\Clover\Clover.exe -> Found
[Tr.Gen0][File] C:\Users\mikea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\UltraVNC.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVnc\VNCVIE~1.EXE -> Found
[Adw.Softcnapp][File] C:\Users\mikea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Clover.lnk [LNK@] C:\PROGRA~2\Clover\Clover.exe -> Found
[Adw.Softcnapp][Folder] C:\Users\mikea\AppData\Local\Clover -> Found
[Adw.Softcnapp][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover -> Found
[Adw.Softcnapp][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover.lnk [LNK@] C:\PROGRA~2\Clover\Clover.exe -> Found
[Tr.Gen0][Folder] C:\Program Files\uvnc bvba -> Found
[Adw.Softcnapp][Folder] C:\Program Files (x86)\Clover -> Found
[Tr.Gen0][File] C:\Users\mikea\Desktop\UltraVNC.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVnc\VNCVIE~1.EXE -> Found
[Hj.Shortcut][File] C:\Users\mikea\Dropbox\Infor.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe "https://csi901.inforcloudsuite.com/slclientdeploy/syteline.application?ConfigGroup=GC" -> Found
[Tr.Gen0][File] C:\Users\mikea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVNC.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVnc -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 3 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Found
[PUM.SearchEngine][Firefox:Config] cindy.default : user_pref("browser.search.selectedEngine", "Yahoo!"); -> Found
[PUM.HomePage][Chrome:Config] Default : session.startup_urls [http://www.google.com|http://https://www.google.com//?CUI=UN21970645852251025&ctid=CT3240727&SearchSource=48|http://https://www.google.com//?CUI=UN67501365716446783&ctid=CT3284024&SearchSource=48|http://isearch.fantastigames.com/440|https://www.google.com/|https://www.google.com/|http://mysearch.avg.com?cid={22D7C42A-6514-4065-922E-EA34F21E9EEC}&mid=1a26030b724d47d39d1bd168ddf6ce75-dc3769caec03edb24130dff1b723240904283270&lang=en&ds=dn011&coid=avgtbdisdn&pr=sa&d=2013-10-23 18:00:14&v=17.0.0.12&pid=safeguard&sg=0&sap=hp|https://www.google.com/|http://search.conduit.com/?CUI=UN21970645852251025&ctid=CT3240727&SearchSource=48|http://search.conduit.com/?CUI=UN67501365716446783&ctid=CT3284024&SearchSource=48|http://start.sweetpacks.com/?barid={71BE73B7-C98E-11E2-BE6F-00219B122786}&src=10&crg=3.5000006.10045&st=23|http://search.conduit.com/?ctid=CT3310511&SearchSource=48&CUI=UN39703136972009347&UM=2|http://mail.ru/cnt/10445?gp=818406] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 PRO 512GB +++++
--- User ---
[MBR] 449605d9f190b295032d98f603007c40
[BSP] d5040533f4365bb4dde3b9cdc54bd896 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 336987 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 690152400 | Size: 150489 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 998355264 | Size: 450 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 999289520 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
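
A triage pass over RogueKiller report lines, useful before clicking Remove Selected; this is an added example and not part of the original posts. It collapses the X64/X86 registry views and repeated lines into distinct findings and sets aside a tag the reviewer leaves unchecked (PUM.StartMenu, the entries the helper in this thread exempts). The function names and the rule that a finding line ends in "-> Found" are assumptions; the sample lines are copied from the report above.

```python
import re

# Lines copied verbatim from the RogueKiller report in the post above (a subset).
REPORT = r"""
[Adw.Softcnapp] (X64) HKEY_LOCAL_MACHINE\Software\Clover -> Found
[Adw.Softcnapp] (X86) HKEY_LOCAL_MACHINE\Software\Clover -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e324d560-50f6-4fbd-9892-25b85f20eb19} | NameServer : 10.0.0.7,10.0.0.8 ([][])  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[Tr.Gen0][File] C:\Users\mikea\Desktop\UltraVNC.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVnc\VNCVIE~1.EXE -> Found
[Tr.Gen0][Folder] C:\Program Files\uvnc bvba -> Found
[Adw.Softcnapp][Folder] C:\Program Files (x86)\Clover -> Found
[Tr.Gen0][File] C:\Users\mikea\Desktop\UltraVNC.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVnc\VNCVIE~1.EXE -> Found
"""

# "[tag] (X64|X86) body -> Found"  or  "[tag][File|Folder|...] body -> Found"
LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s*"
    r"(?:\((?P<view>X64|X86)\)|\[(?P<kind>[^\]]+)\])\s*"
    r"(?P<body>.+?)\s*->\s*Found$"
)


def parse(report):
    """Return distinct findings. The X64/X86 registry views of one key and
    verbatim repeats of one line collapse into a single finding."""
    findings = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # section headers, blank lines, entries without "-> Found"
        location, _, target = m["body"].partition(" [LNK@] ")
        finding = findings.setdefault((m["tag"], m["body"]), {
            "tag": m["tag"],
            "kind": m["kind"] or "Registry",
            "location": location,
            "target": target or None,  # where a shortcut points, if it is one
            "views": set(),
            "count": 0,
        })
        if m["view"]:
            finding["views"].add(m["view"])
        finding["count"] += 1
    return list(findings.values())


def split_by_tag(findings, keep_tags):
    """Split findings into (to check for removal, to leave unchecked)."""
    remove = [f for f in findings if f["tag"] not in keep_tags]
    keep = [f for f in findings if f["tag"] in keep_tags]
    return remove, keep


if __name__ == "__main__":
    remove, keep = split_by_tag(parse(REPORT), keep_tags={"PUM.StartMenu"})
    for label, group in (("check", remove), ("leave unchecked", keep)):
        for f in sorted(group, key=lambda f: (f["tag"], f["location"])):
            views = "/".join(sorted(f["views"])) or "-"
            subject = f["target"] or f["location"]
            print(f"{label:15} {f['tag']:14} {f['kind']:8} {views:7} "
                  f"x{f['count']} {subject}")
```

The nine sample lines reduce to six distinct findings, which makes it easier to see what each detection tag actually points at before anything is removed.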


#10 Android8888


Posted 07 June 2018 - 09:58 AM

"I have not had a security incident since the date of this first post, but I am not convinced there isn't still a bug."

Alright, we will check further until everything is clean.
 
 
For now please proceed with these instructions:
 

Please re-run RogueKiller (right-click on the executable file and select Run as administrator) and run a new scan;
Let the scan complete and then check-mark every single entry it finds, except these 4:

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-166812146-971143260-1179000955-2659\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found

Click on the Remove Selected button and wait until it completes the removal process;
Click on the Open Report button. It will open a new window;
Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop;
Close RogueKiller.

Please attach the RKlog.txt to your next reply.

 

Restart the computer.

Next,

  • Open Malwarebytes and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
  • If it asks you to restart your computer to complete the removal, do so;
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.

 

Please attach the RogueKiller log and the Malwarebytes log in your reply.




#11 iker42


Posted 07 June 2018 - 01:33 PM

Here are the two logs. 




#12 Android8888


Posted 07 June 2018 - 05:02 PM

Great, looks good. We are making progress.
 
Please empty the Malwarebytes quarantine:

  • Open Malwarebytes;
  • On the left pane, select 'Quarantine';
  • Check-mark the infected entry and then click on the Delete button;
  • Close Malwarebytes.

 

Okay, I would like to see an online scan with ESET to search for leftovers of infection. This is a very thorough scan and can take several hours to complete but it's worth it.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop.
    • Close all your programs and browsers and disconnect any USB flash drives from the computer.
    • Please disable your Antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Right-click on esetonlinescanner_enu.exe and select Run as administrator.
    • Click Yes to accept the User Account Control security warning that may appear. It will open a window with the Terms of Use.
  • Click the Accept button.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your Antivirus program.

Please post the content of the ESET log (if it produced one) and let me know how the system is behaving at this point.




#13 iker42


Posted 07 June 2018 - 07:56 PM

No log was produced. No threats found. 

I will update on performance and any further activity. 

I'd like to thank you for your assistance at this point, I really do appreciate it. 



#14 Android8888


Posted 08 June 2018 - 09:16 AM

"I'd like to thank you for your assistance at this point, I really do appreciate it."

You're most welcome!

 

 

"I will update on performance and any further activity."

Alright, please keep me posted.

 

 

Thank you.

 

Android8888




#15 Android8888


Posted 15 July 2018 - 09:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.






