Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown malware prevents me from deleting temporary files


  • This topic is locked This topic is locked
30 replies to this topic

#1 marborj

marborj

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 AM

Posted 31 May 2018 - 12:42 PM

Hi. I attached a screenshot of the files listed in my C:\Windows\Temp 

I am mainly concerned with the 1st and 2nd files because I think the 3rd and 4th are necessary to run my laptop.

 

1. DPTF

Whenever I try to delete the DPTF folder, a window pops up and notifies me that "The action can't be completed because the folder or a file in it is open in another program. Close the folder or file and try again."

Even if no other program is opened, I'm still notified with that message and I can't delete it. Also, Bitdefender does not notify me whenever I try to delete it. But I'm still a bit suspicious about whether the file is safe or not. That's why I want to delete it.

 

2. tmp000003f0 

The folder entitled: "tmp000003f0" cannot be deleted. Whenever I try to delete it, a window pops up saying that I do not have permission to perform the action (but I am admin). Also, Bitdefender sends an alert stating the following:

 

"Threat Blocked

Item was quarantined. Threat name: Adware.DealPly.1.Gen. Path: C:\Windows\Temp\tmp000003f0\tmp00003695."

 

I have tried to permanently delete the folder by pressing SHIFT+DEL. The size and size on disk reduced to 0 Bytes. But the tmp00000XXX folder is still in C:\Windows\Temp

 

Please help me fix this problem. Thank you.


Edited by marborj, 31 May 2018 - 01:48 PM.


BC AdBot (Login to Remove)

 


#2 marborj

marborj
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 AM

Posted 31 May 2018 - 12:46 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01

Ran by elloisemanuel (administrator) on ASUS-X540U (01-06-2018 00:22:01)
Running from C:\Users\elloisemanuel\Downloads
Loaded Profiles: elloisemanuel (Available Profiles: defaultuser0 & elloisemanuel & EeMnl)
Platform: Windows 10 Home Single Language Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b05899eb193fc33e\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b05899eb193fc33e\IntelCpHDCPSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b05899eb193fc33e\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b05899eb193fc33e\igfxEM.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Google, Inc.) C:\Program Files\Google\Drive File Stream\25.252.289.1553\GoogleDriveFS.exe
() C:\Program Files\Google\Drive File Stream\25.252.289.1553\crashpad_handler.exe
(Google, Inc.) C:\Program Files\Google\Drive File Stream\25.252.289.1553\GoogleDriveFS.exe
(Google, Inc.) C:\Program Files\Google\Drive File Stream\25.252.289.1553\GoogleDriveFS.exe
(Google, Inc.) C:\Program Files\Google\Drive File Stream\25.252.289.1553\GoogleDriveFS.exe
(Google, Inc.) C:\Program Files\Google\Drive File Stream\25.252.289.1553\GoogleDriveFS.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8025992 2016-09-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\25.252.289.1553\GoogleDriveFS.exe [28989176 2018-05-16] (Google, Inc.)
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-13] (Piriform Ltd)
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\Run: [Spotify] => C:\Users\elloisemanuel\AppData\Roaming\Spotify\Spotify.exe [23177616 2018-05-22] (Spotify Ltd)
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\Run: [utweb] => "C:\Users\elloisemanuel\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\Run: [Spotify Web Helper] => C:\Users\elloisemanuel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-22] (Spotify Ltd)
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-743433023-1376000779-2915324046-1001] => hxxp://proxy.uap.asia:8080/wpad.dat
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{55cbc0af-ab80-4c39-888e-efcaa98ae31a}: [DhcpNameServer] 40.51.1.14
Tcpip\..\Interfaces\{ab4cea93-0697-4587-a924-0fb4d816099b}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://proxy.uap.asia:8080/wpad.dat
 
Internet Explorer:
==================
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-743433023-1376000779-2915324046-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-743433023-1376000779-2915324046-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-19] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll => No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL => No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default [2018-06-01]
CHR Extension: (Slides) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-15]
CHR Extension: (Docs) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-15]
CHR Extension: (Google Drive) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-15]
CHR Extension: (YouTube) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-15]
CHR Extension: (WasteNoTime) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\enebomhlllfaccbelnjhfgblnalofhch [2018-05-22]
CHR Extension: (Sheets) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-15]
CHR Extension: (News Feed Eradicator for Facebook) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2018-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-15]
CHR Extension: (AdBlock) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-26]
CHR Extension: (Email Tracking for Gmail & Inbox - Mailtrack) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2018-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\elloisemanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-28]
CHR Extension: (Sci-Hub) - C:\Users\elloisemanuel\Downloads\Sci-Hub [2018-02-23] [UpdateUrl: hxxps://sci-hub.tv/update] <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [125144 2016-02-16] (Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-05-12] (Microsoft Corporation)
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-05-23] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-10-06] (Intel Corporation)
S4 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe [133376 2016-11-14] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 osrss; C:\WINDOWS\system32\osrss.dll [108584 2018-01-18] (Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [293344 2017-07-12] (Realtek Semiconductor Corp.)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [239400 2018-05-13] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [239400 2018-05-13] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [239400 2018-05-13] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S4 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [162048 2016-11-14] (Zhuhai Kingsoft Office Software Co.,Ltd)
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0306882.inf_amd64_c59b43b38e120de5\atikmdag.sys [26555928 2016-09-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0306882.inf_amd64_c59b43b38e120de5\atikmpag.sys [511000 2016-09-13] (Advanced Micro Devices, Inc.)
R2 ASMMAP64; C:\WINDOWS\system32\DRIVERS\ASMMAP64.sys [36696 2016-04-27] (ASUSTek Computer Inc.)
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [142328 2016-05-17] (ASUS Corporation)
R0 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177008 2018-05-13] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-05-13] (BitDefender)
R0 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [152648 2018-05-13] (Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-13] (Bitdefender)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-23] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-23] (Intel Corporation)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [246064 2018-05-13] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-05-23] (Intel Corporation)
R1 googledrivefs2356; C:\WINDOWS\System32\DRIVERS\googledrivefs2356.sys [110960 2018-04-27] (Google, Inc.)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [189544 2018-05-13] (BitDefender LLC)
U0 PROCMON24; C:\WINDOWS\System32\Drivers\PROCMON24.SYS [93960 2018-05-31] (Sysinternals - www.sysinternals.com)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [724448 2017-07-12] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6907240 2017-07-14] (Realtek Semiconductor Corporation )
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [607640 2018-05-13] (Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-01 00:22 - 2018-06-01 00:23 - 000018344 _____ C:\Users\elloisemanuel\Downloads\FRST.txt
2018-06-01 00:19 - 2018-06-01 00:20 - 000000000 ____D C:\Users\elloisemanuel\Documents\Thesis Back Up
2018-06-01 00:12 - 2018-06-01 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2018-06-01 00:11 - 2018-06-01 00:11 - 000000000 ____D C:\Users\elloisemanuel\AppData\Local\CrashDumps
2018-06-01 00:10 - 2018-06-01 00:12 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2018-06-01 00:06 - 2018-06-01 00:06 - 019709440 _____ (Luis Cobian, CobianSoft) C:\Users\elloisemanuel\Downloads\cbSetup.exe
2018-05-31 23:33 - 2018-06-01 00:22 - 000000000 ____D C:\FRST
2018-05-31 23:33 - 2018-05-31 23:33 - 002413056 _____ (Farbar) C:\Users\elloisemanuel\Downloads\FRST64.exe
2018-05-31 23:26 - 2018-05-31 23:26 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-31 23:25 - 2018-05-31 23:27 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-31 23:25 - 2018-05-31 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-31 23:25 - 2018-05-31 23:25 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-31 23:09 - 2018-05-31 23:24 - 036617024 _____ (Adlice Software ) C:\Users\elloisemanuel\Downloads\RogueKiller_setup.exe
2018-05-31 23:05 - 2018-05-31 23:05 - 006981240 _____ (ESET spol. s r.o.) C:\Users\elloisemanuel\Downloads\esetonlinescanner_enu.exe
2018-05-31 23:05 - 2018-05-31 23:05 - 000000000 ____D C:\Users\elloisemanuel\AppData\Local\ESET
2018-05-31 22:40 - 2018-05-31 22:40 - 000093960 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2018-05-31 21:50 - 2018-05-31 21:50 - 001010826 _____ C:\Users\elloisemanuel\Downloads\ProcessMonitor.zip
2018-05-31 21:50 - 2018-02-12 15:30 - 002164360 ____N (Sysinternals - www.sysinternals.com) C:\Users\elloisemanuel\Downloads\Procmon.exe
2018-05-31 21:50 - 2018-02-12 15:22 - 000063582 ____N C:\Users\elloisemanuel\Downloads\procmon.chm
2018-05-31 21:50 - 2017-11-16 11:34 - 000007490 ____N C:\Users\elloisemanuel\Downloads\Eula.txt
2018-05-31 20:06 - 2018-05-31 20:06 - 000000000 ____D C:\ProgramData\ByteFence
2018-05-31 20:05 - 2018-05-31 20:05 - 000000000 ____D C:\Users\elloisemanuel\AppData\Roaming\facebook-nativefier-f52d2f
2018-05-31 16:47 - 2018-05-31 16:53 - 000000000 ____D C:\AdwCleaner
2018-05-31 16:47 - 2018-05-31 16:47 - 007271632 _____ (Malwarebytes) C:\Users\elloisemanuel\Downloads\AdwCleaner.exe
2018-05-31 16:27 - 2018-05-31 20:55 - 000007608 _____ C:\Users\elloisemanuel\AppData\Local\Resmon.ResmonCfg
2018-05-31 15:19 - 2018-05-31 20:02 - 000000854 _____ C:\Users\elloisemanuel\Desktop\Install Kaspersky Free version 18.0.0.405.lnk
2018-05-31 15:05 - 2018-05-31 19:59 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-05-31 15:04 - 2018-05-31 15:04 - 002376368 _____ (Kaspersky Lab) C:\Users\elloisemanuel\Downloads\kfa18.0.0.405aben_12579.exe
2018-05-31 14:53 - 2009-10-15 14:25 - 000271872 _____ (OldTimer Tools) C:\Users\elloisemanuel\Downloads\TFC.exe
2018-05-31 14:49 - 2018-05-31 14:50 - 000266775 _____ C:\Users\elloisemanuel\Downloads\TFC.zip
2018-05-29 18:30 - 2018-05-29 18:30 - 000000000 _____ C:\WINDOWS\SysWOW64\stub.json
2018-05-29 11:54 - 2018-05-29 11:54 - 000346521 _____ C:\Users\elloisemanuel\Downloads\[21996059 - Studies in Logic, Grammar and Rhetoric] The Application of Multinomial Logistic Regression Models for the Assessment of Parameters of Oocytes and Embryos Quality in Predicting Pregnancy and Misc.pdf
2018-05-29 01:47 - 2018-05-29 01:47 - 000923136 _____ C:\Users\elloisemanuel\Downloads\ch15.ppt
2018-05-29 00:03 - 2018-05-29 00:03 - 000000134 _____ C:\Users\elloisemanuel\AppData\Roaming\WB.CFG
2018-05-27 23:07 - 2018-05-27 23:07 - 000375536 _____ C:\Users\elloisemanuel\Downloads\Confirmatory-factor-analysis-a-preface-to-LISREL.epub
2018-05-27 15:55 - 2018-05-27 15:55 - 000675047 _____ C:\Users\elloisemanuel\Downloads\rebrae-15342.pdf
2018-05-27 13:36 - 2018-05-27 13:36 - 000001292 _____ C:\Users\elloisemanuel\Desktop\Thesis - Shortcut.lnk
2018-05-27 12:04 - 2018-05-27 12:04 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-27 11:40 - 2018-05-31 08:41 - 000000000 ____D C:\Users\elloisemanuel\AppData\LocalLow\uTorrent
2018-05-27 11:39 - 2018-05-31 15:47 - 000000000 ____D C:\Users\elloisemanuel\AppData\Roaming\uTorrent
2018-05-27 11:32 - 2018-05-31 16:57 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-27 11:26 - 2018-05-27 11:26 - 000001907 _____ C:\Users\elloisemanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2018-05-26 11:18 - 2018-05-26 11:18 - 000081499 _____ C:\Users\elloisemanuel\Downloads\214-564-1-PB.pdf
2018-05-25 12:30 - 2018-05-25 12:30 - 000000000 ___RD C:\Users\elloisemanuel\AppData\Roaming\Brother
2018-05-25 12:30 - 2018-05-25 12:30 - 000000000 ____D C:\Users\elloisemanuel\AppData\LocalLow\Brother
2018-05-24 20:22 - 2018-05-24 20:22 - 000056377 _____ C:\Users\elloisemanuel\Downloads\012_Kotliarov.pdf
2018-05-24 20:18 - 2018-05-24 20:18 - 000139200 _____ C:\Users\elloisemanuel\Downloads\119724-282733-1-SM.pdf
2018-05-24 19:29 - 2018-05-24 19:29 - 001568116 _____ C:\Users\elloisemanuel\Downloads\133-768-3-PB.pdf
2018-05-24 16:41 - 2018-05-24 16:41 - 000029723 _____ C:\ProgramData\agent.update.1527151277.bdinstall.bin
2018-05-24 03:01 - 2018-05-24 03:01 - 000486848 _____ C:\Users\elloisemanuel\Downloads\dp2007-3 (1).pdf
2018-05-24 03:00 - 2018-05-24 03:00 - 000486848 _____ C:\Users\elloisemanuel\Downloads\dp2007-3.pdf
2018-05-23 04:13 - 2018-05-23 04:13 - 000224511 _____ C:\Users\elloisemanuel\Downloads\9783540791270-c1.pdf
2018-05-23 00:56 - 2018-05-23 00:56 - 003113364 _____ C:\Users\elloisemanuel\Downloads\Handbook-of-Research-on-Nonprofit-Economics-and-Management.pdf
2018-05-22 22:56 - 2018-05-22 22:56 - 019747992 _____ C:\Users\elloisemanuel\Downloads\The-Study-of-the-Nonprofit-Enterprise-Theories-and-Approaches.pdf
2018-05-22 17:04 - 2018-05-22 17:04 - 000537838 _____ C:\Users\elloisemanuel\Downloads\9783319142647-c2.pdf
2018-05-22 16:26 - 2018-05-22 16:26 - 005144844 _____ C:\Users\elloisemanuel\Downloads\Handbook-of-the-Economics-of-Giving-Altruism-and-Reciprocity-Volume-2-Applications-.pdf
2018-05-19 17:31 - 2018-05-19 17:31 - 001461006 _____ C:\Users\elloisemanuel\Downloads\in-situ-slum-rehabiliation-11.pptx
2018-05-17 14:51 - 2018-05-17 14:51 - 000132901 _____ C:\Users\elloisemanuel\Downloads\s0264-2751(99)00039-6.pdf
2018-05-17 04:10 - 2018-05-02 05:25 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-17 04:10 - 2018-05-02 05:25 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-16 10:58 - 2018-05-16 10:58 - 001152245 _____ C:\Users\elloisemanuel\Downloads\5_799_810.pdf
2018-05-16 10:41 - 2018-05-03 15:43 - 000373664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-16 10:41 - 2018-05-03 15:36 - 000437664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-05-16 10:41 - 2018-05-03 14:31 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-16 10:41 - 2018-05-03 14:12 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-05-16 10:41 - 2018-05-03 14:00 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-16 10:41 - 2018-05-03 14:00 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-05-16 10:41 - 2018-05-03 13:59 - 018924544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-16 10:41 - 2018-05-03 13:57 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-16 10:41 - 2018-05-03 13:57 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-05-16 10:41 - 2018-05-03 13:54 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-05-16 10:41 - 2018-05-03 13:53 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-16 10:41 - 2018-05-03 13:52 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-16 10:41 - 2018-05-03 13:52 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-16 10:41 - 2018-05-03 13:52 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-16 10:41 - 2018-04-16 05:49 - 001954056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-05-16 10:41 - 2018-04-16 05:47 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-05-16 10:41 - 2018-04-16 05:34 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-05-16 10:41 - 2018-04-16 05:33 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-05-16 10:41 - 2018-04-16 04:47 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-05-16 10:41 - 2018-04-16 04:35 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-05-16 10:41 - 2018-04-16 04:34 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-05-16 10:41 - 2018-04-16 04:12 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-05-16 10:41 - 2018-04-16 04:12 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-05-16 10:41 - 2018-04-16 04:12 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-05-16 10:41 - 2018-04-16 04:08 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-16 10:41 - 2018-04-16 04:03 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-16 10:41 - 2018-04-16 04:00 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-05-16 10:41 - 2018-03-30 13:06 - 000166304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-05-16 10:41 - 2018-03-30 13:01 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-05-16 10:41 - 2018-03-30 12:58 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-05-16 10:41 - 2018-03-30 12:10 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-05-16 10:41 - 2018-03-30 11:45 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-05-16 10:41 - 2018-03-30 11:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-05-16 10:41 - 2018-03-30 11:40 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-05-16 10:41 - 2018-03-30 11:27 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-05-16 10:41 - 2018-03-13 14:54 - 000555936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-05-16 10:41 - 2018-03-01 13:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-05-16 10:41 - 2018-02-22 10:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-05-16 10:41 - 2018-02-22 10:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-05-16 10:41 - 2018-02-22 10:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-05-16 10:41 - 2018-02-22 09:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-05-16 10:41 - 2018-02-10 13:05 - 000662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-05-16 10:41 - 2018-02-10 12:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-05-16 10:41 - 2018-02-10 12:46 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-05-16 10:41 - 2018-02-10 12:43 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-05-16 10:41 - 2018-02-10 12:42 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-05-16 10:41 - 2018-02-10 12:37 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-05-16 10:40 - 2018-05-03 15:51 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-16 10:40 - 2018-05-03 15:50 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-16 10:40 - 2018-05-03 15:47 - 008600472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-16 10:40 - 2018-05-03 15:45 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-16 10:40 - 2018-05-03 15:38 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-16 10:40 - 2018-05-03 15:36 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-16 10:40 - 2018-05-03 15:36 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-16 10:40 - 2018-05-03 15:34 - 021356824 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-16 10:40 - 2018-05-03 15:32 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-05-16 10:40 - 2018-05-03 14:36 - 025254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-16 10:40 - 2018-05-03 14:31 - 006092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-16 10:40 - 2018-05-03 14:26 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-05-16 10:40 - 2018-05-03 14:25 - 020290248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-16 10:40 - 2018-05-03 14:19 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-16 10:40 - 2018-05-03 14:19 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-05-16 10:40 - 2018-05-03 14:18 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-05-16 10:40 - 2018-05-03 14:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-05-16 10:40 - 2018-05-03 14:17 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-05-16 10:40 - 2018-05-03 14:16 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-16 10:40 - 2018-05-03 14:16 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-16 10:40 - 2018-05-03 14:16 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-16 10:40 - 2018-05-03 14:12 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-16 10:40 - 2018-05-03 14:12 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-05-16 10:40 - 2018-05-03 14:11 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-16 10:40 - 2018-05-03 14:09 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-16 10:40 - 2018-05-03 14:09 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-16 10:40 - 2018-05-03 14:09 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-16 10:40 - 2018-05-03 14:09 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-16 10:40 - 2018-05-03 14:09 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-16 10:40 - 2018-05-03 14:09 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-16 10:40 - 2018-05-03 14:08 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-16 10:40 - 2018-05-03 13:58 - 006467072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-05-16 10:40 - 2018-05-03 13:53 - 006060544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-16 10:40 - 2018-05-03 13:51 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-16 10:40 - 2018-04-16 06:07 - 001463344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-05-16 10:40 - 2018-04-16 05:50 - 001925760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-05-16 10:40 - 2018-04-16 05:48 - 005859248 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-05-16 10:40 - 2018-04-16 05:38 - 000979360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-05-16 10:40 - 2018-04-16 05:32 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-05-16 10:40 - 2018-04-16 05:30 - 002268024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-05-16 10:40 - 2018-04-16 05:29 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-05-16 10:40 - 2018-04-16 05:26 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-16 10:40 - 2018-04-16 05:26 - 002711176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-05-16 10:40 - 2018-04-16 05:26 - 001506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-05-16 10:40 - 2018-04-16 04:47 - 001490856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-05-16 10:40 - 2018-04-16 04:47 - 001323336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-05-16 10:40 - 2018-04-16 04:38 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-05-16 10:40 - 2018-04-16 04:37 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-05-16 10:40 - 2018-04-16 04:34 - 006482664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-16 10:40 - 2018-04-16 04:34 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-05-16 10:40 - 2018-04-16 04:34 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-05-16 10:40 - 2018-04-16 04:16 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe
2018-05-16 10:40 - 2018-04-16 04:14 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-05-16 10:40 - 2018-04-16 04:10 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-16 10:40 - 2018-04-16 04:10 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-05-16 10:40 - 2018-04-16 04:07 - 012689920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-16 10:40 - 2018-04-16 04:07 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-16 10:40 - 2018-04-16 04:07 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-05-16 10:40 - 2018-04-16 04:07 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-16 10:40 - 2018-04-16 04:06 - 013660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-16 10:40 - 2018-04-16 04:06 - 011924480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-16 10:40 - 2018-04-16 04:06 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-05-16 10:40 - 2018-04-16 04:05 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-05-16 10:40 - 2018-04-16 04:04 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-16 10:40 - 2018-04-16 04:04 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-16 10:40 - 2018-04-16 04:04 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-16 10:40 - 2018-04-16 04:04 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-05-16 10:40 - 2018-04-16 04:04 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-05-16 10:40 - 2018-04-16 04:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-05-16 10:40 - 2018-04-16 04:03 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-05-16 10:40 - 2018-04-16 04:03 - 004248064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-05-16 10:40 - 2018-04-16 04:03 - 003177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-16 10:40 - 2018-04-16 04:03 - 002976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-05-16 10:40 - 2018-04-16 04:03 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-16 10:40 - 2018-04-16 04:02 - 004814336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-05-16 10:40 - 2018-04-16 04:02 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-05-16 10:40 - 2018-04-16 04:02 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-05-16 10:40 - 2018-04-16 04:01 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-05-16 10:40 - 2018-04-16 04:00 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-05-16 10:40 - 2018-03-30 13:03 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-05-16 10:40 - 2018-03-30 13:03 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-05-16 10:40 - 2018-03-30 13:01 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-05-16 10:40 - 2018-03-30 12:59 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-05-16 10:40 - 2018-03-30 12:53 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-16 10:40 - 2018-03-30 12:52 - 000428960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-05-16 10:40 - 2018-03-30 12:51 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-05-16 10:40 - 2018-03-30 12:51 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-05-16 10:40 - 2018-03-30 11:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-16 10:40 - 2018-03-30 11:35 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-05-16 10:40 - 2018-03-30 11:32 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-05-16 10:40 - 2018-03-30 11:30 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-05-16 10:40 - 2018-03-30 11:28 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-05-16 10:40 - 2018-03-30 11:27 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-05-16 10:40 - 2018-03-30 11:25 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-05-16 10:40 - 2018-03-30 11:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-16 10:40 - 2018-03-30 11:25 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-05-16 10:40 - 2018-03-30 11:24 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-05-16 10:40 - 2018-03-13 15:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-05-16 10:40 - 2018-03-13 13:35 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-05-16 10:40 - 2018-03-13 13:33 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-05-16 10:40 - 2018-03-13 13:33 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-05-16 10:40 - 2018-03-13 13:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-05-16 10:40 - 2018-03-13 13:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-05-16 10:40 - 2018-03-13 12:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-05-16 10:40 - 2018-03-02 11:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-16 10:40 - 2018-03-01 15:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-05-16 10:40 - 2018-03-01 15:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-05-16 10:40 - 2018-03-01 15:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-05-16 10:40 - 2018-03-01 14:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-05-16 10:40 - 2018-03-01 13:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-05-16 10:40 - 2018-03-01 13:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-05-16 10:40 - 2018-03-01 13:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-05-16 10:40 - 2018-03-01 13:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-05-16 10:40 - 2018-02-22 08:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-05-16 10:40 - 2018-02-10 14:14 - 004504464 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-05-16 10:40 - 2018-02-10 14:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-05-16 10:40 - 2018-02-10 14:08 - 003010248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-05-16 10:40 - 2018-02-10 14:07 - 004506576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-05-16 10:40 - 2018-02-10 14:06 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-05-16 10:40 - 2018-02-10 14:04 - 006791984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-05-16 10:40 - 2018-02-10 14:04 - 001426672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-05-16 10:40 - 2018-02-10 14:04 - 001254144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-05-16 10:40 - 2018-02-10 14:04 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-05-16 10:40 - 2018-02-10 14:04 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-05-16 10:40 - 2018-02-10 14:04 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-05-16 10:40 - 2018-02-10 14:03 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-05-16 10:40 - 2018-02-10 13:06 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-05-16 10:40 - 2018-02-10 13:06 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-05-16 10:40 - 2018-02-10 13:06 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-05-16 10:40 - 2018-02-10 13:05 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-05-16 10:40 - 2018-02-10 13:05 - 001149272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-05-16 10:40 - 2018-02-10 12:50 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-05-16 10:40 - 2018-02-10 12:49 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-05-16 10:40 - 2018-02-10 12:45 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-05-16 10:40 - 2018-02-10 12:43 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-05-16 10:40 - 2018-02-10 12:39 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-05-16 10:40 - 2018-02-10 12:38 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-05-16 10:40 - 2018-02-10 12:37 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-05-16 10:40 - 2018-02-10 12:36 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-05-16 10:40 - 2018-02-10 12:36 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-05-16 10:40 - 2018-01-01 20:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-05-16 10:40 - 2018-01-01 20:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-05-16 10:39 - 2018-05-03 15:54 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-05-16 10:39 - 2018-05-03 15:53 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-05-16 10:39 - 2018-05-03 15:52 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-05-16 10:39 - 2018-05-03 15:52 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-05-16 10:39 - 2018-05-03 15:50 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-05-16 10:39 - 2018-05-03 15:45 - 000711936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-05-16 10:39 - 2018-05-03 15:37 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-05-16 10:39 - 2018-05-03 15:35 - 002472864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-05-16 10:39 - 2018-05-03 14:07 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-16 10:39 - 2018-05-03 13:57 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-16 10:39 - 2018-05-03 13:51 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-16 10:39 - 2018-04-16 06:04 - 000779952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-05-16 10:39 - 2018-04-16 05:48 - 001638424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-16 10:39 - 2018-04-16 04:47 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-16 10:39 - 2018-04-16 04:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-05-16 10:39 - 2018-04-16 04:14 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-05-16 10:39 - 2018-04-16 04:07 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-16 10:39 - 2018-04-16 04:07 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-16 10:39 - 2018-04-16 04:04 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-05-16 10:39 - 2018-04-16 04:03 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-05-16 10:39 - 2018-04-16 04:00 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-05-16 10:39 - 2018-03-30 20:34 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-16 10:39 - 2018-03-30 12:52 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-16 10:39 - 2018-03-30 11:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-05-16 10:39 - 2018-03-30 11:21 - 002511360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-05-16 10:39 - 2018-03-30 11:21 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-05-16 10:39 - 2018-03-29 03:54 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-05-16 10:39 - 2018-03-13 13:34 - 008727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-05-16 10:39 - 2018-03-13 13:30 - 007145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-05-16 10:39 - 2018-03-01 15:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-05-16 10:39 - 2018-03-01 14:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-05-16 10:39 - 2018-03-01 13:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-05-16 10:39 - 2018-03-01 13:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-16 10:39 - 2018-03-01 13:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-16 10:39 - 2018-02-10 14:16 - 002406456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-05-16 10:39 - 2018-02-10 14:14 - 001002592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-05-16 10:39 - 2018-02-10 14:09 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-05-16 10:39 - 2018-02-10 14:07 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-05-16 10:39 - 2018-02-10 14:03 - 001619808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-05-16 10:39 - 2018-02-10 13:15 - 001145624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-05-16 10:39 - 2018-02-10 13:09 - 002338776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-05-16 10:39 - 2018-02-10 13:08 - 000592792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-05-16 10:39 - 2018-02-10 12:42 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-05-16 10:39 - 2018-02-10 12:33 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-05-16 10:39 - 2018-02-09 11:35 - 004959688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2018-05-16 10:38 - 2018-05-03 15:54 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-05-16 10:38 - 2018-05-03 15:52 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-16 10:38 - 2018-05-03 15:47 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-16 10:38 - 2018-05-03 14:09 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-16 10:38 - 2018-05-03 14:09 - 001344000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-05-16 10:38 - 2018-04-16 05:38 - 003180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-05-16 10:38 - 2018-04-16 04:36 - 002386832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-05-16 10:38 - 2018-04-16 04:13 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-05-16 10:38 - 2018-04-16 04:08 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-16 10:38 - 2018-04-16 04:05 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-05-16 10:38 - 2018-04-16 04:04 - 001236480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-05-16 10:38 - 2018-04-16 04:03 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-05-16 10:38 - 2018-04-16 04:02 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-05-16 10:38 - 2018-04-16 04:00 - 002223616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-05-16 10:38 - 2018-03-30 13:03 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-05-16 10:38 - 2018-03-30 12:58 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-16 10:38 - 2018-03-30 11:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-05-16 10:38 - 2018-03-30 11:35 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-05-16 10:38 - 2018-03-30 11:27 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-05-16 10:38 - 2018-03-30 11:26 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-05-16 10:38 - 2018-03-30 11:26 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-05-16 10:38 - 2018-03-13 13:33 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-05-16 10:38 - 2018-03-13 13:30 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-05-16 10:38 - 2018-03-13 13:28 - 003160576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-05-16 10:38 - 2018-03-13 12:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-05-16 10:38 - 2018-03-01 13:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-05-16 10:38 - 2018-03-01 13:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-05-16 10:38 - 2018-02-10 14:10 - 000614160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-05-16 10:38 - 2018-02-10 14:07 - 000436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-05-16 10:38 - 2018-02-10 14:06 - 004486904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-05-16 10:38 - 2018-02-10 14:06 - 000594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-05-16 10:38 - 2018-02-10 14:03 - 000722616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-05-16 10:38 - 2018-02-10 13:17 - 002255112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-05-16 10:38 - 2018-02-10 13:09 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-05-16 10:38 - 2018-02-10 13:07 - 000527864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2018-05-16 10:38 - 2018-02-10 12:41 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-05-16 10:38 - 2018-02-10 12:40 - 004498432 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-16 10:38 - 2018-02-10 12:40 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-05-16 10:38 - 2018-02-10 12:35 - 000943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-05-16 10:38 - 2018-02-10 12:35 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-05-16 10:38 - 2018-02-10 12:34 - 002983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-05-16 10:38 - 2018-02-02 11:36 - 003903944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2018-05-16 10:38 - 2018-01-01 19:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-05-16 10:38 - 2018-01-01 19:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-05-16 10:37 - 2018-05-03 15:53 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-16 10:37 - 2018-05-03 15:50 - 000423328 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-05-16 10:37 - 2018-05-03 15:50 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-05-16 10:37 - 2018-05-03 15:48 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-05-16 10:37 - 2018-05-03 15:36 - 000247200 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-05-16 10:37 - 2018-05-03 14:39 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-05-16 10:37 - 2018-05-03 14:09 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-16 10:37 - 2018-05-03 13:56 - 002677248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-16 10:37 - 2018-05-03 13:53 - 007813120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-16 10:37 - 2018-04-16 05:51 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-05-16 10:37 - 2018-04-16 05:32 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-05-16 10:37 - 2018-04-16 04:16 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-05-16 10:37 - 2018-04-16 04:14 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-05-16 10:37 - 2018-04-16 04:14 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-05-16 10:37 - 2018-04-16 04:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-05-16 10:37 - 2018-04-16 04:08 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-16 10:37 - 2018-04-16 04:03 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-05-16 10:37 - 2018-04-16 04:03 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-05-16 10:37 - 2018-03-30 13:05 - 000015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-05-16 10:37 - 2018-03-30 12:57 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-16 10:37 - 2018-03-30 12:52 - 000727456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-05-16 10:37 - 2018-03-30 12:50 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-05-16 10:37 - 2018-03-30 11:28 - 000984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-05-16 10:37 - 2018-03-30 11:28 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-05-16 10:37 - 2018-03-30 11:28 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-16 10:37 - 2018-03-30 11:27 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-05-16 10:37 - 2018-03-30 11:26 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-05-16 10:37 - 2018-03-30 11:26 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-05-16 10:37 - 2018-03-30 11:25 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-05-16 10:37 - 2018-03-30 11:23 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-16 10:37 - 2018-03-13 13:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-05-16 10:37 - 2018-03-13 13:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-16 10:37 - 2018-03-13 13:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-05-16 10:37 - 2018-03-13 13:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-05-16 10:37 - 2018-03-13 13:23 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-05-16 10:37 - 2018-03-13 12:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-16 10:37 - 2018-03-01 15:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-05-16 10:37 - 2018-02-10 14:19 - 001133888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-05-16 10:37 - 2018-02-10 14:06 - 000824896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-05-16 10:37 - 2018-02-10 13:18 - 001384288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-05-16 10:37 - 2018-02-10 13:08 - 003980720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-05-16 10:37 - 2018-02-10 12:45 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-05-16 10:37 - 2018-02-10 12:40 - 001234432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvc.dll
2018-05-16 10:37 - 2018-02-10 12:38 - 002184192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-05-16 10:37 - 2018-02-10 12:36 - 001759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-05-16 10:37 - 2018-02-10 12:33 - 001936384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-05-16 10:37 - 2018-02-09 11:35 - 001234888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2018-05-16 10:37 - 2018-01-01 19:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-05-16 10:37 - 2017-11-26 21:32 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-05-16 10:37 - 2017-11-26 19:12 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-05-16 10:36 - 2018-05-03 15:41 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-05-16 10:36 - 2018-05-03 14:09 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-16 10:36 - 2018-05-03 14:05 - 001717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-16 10:36 - 2018-04-16 05:49 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-05-16 10:36 - 2018-04-16 05:25 - 001430768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-05-16 10:36 - 2018-04-16 05:23 - 001101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-05-16 10:36 - 2018-04-16 04:47 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-05-16 10:36 - 2018-04-16 04:38 - 001123464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-05-16 10:36 - 2018-04-16 04:15 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-05-16 10:36 - 2018-04-16 04:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-05-16 10:36 - 2018-04-16 04:12 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-05-16 10:36 - 2018-04-16 04:08 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.Schema.Shell.dll
2018-05-16 10:36 - 2018-04-16 04:07 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-05-16 10:36 - 2018-04-16 04:06 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-05-16 10:36 - 2018-04-16 04:04 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2018-05-16 10:36 - 2018-04-16 04:04 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-05-16 10:36 - 2018-03-30 12:53 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-05-16 10:36 - 2018-03-30 11:35 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-05-16 10:36 - 2018-03-30 11:31 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-05-16 10:36 - 2018-03-30 11:28 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-05-16 10:36 - 2018-03-30 11:27 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-05-16 10:36 - 2018-03-30 11:26 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-05-16 10:36 - 2018-03-13 14:55 - 001778360 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-05-16 10:36 - 2018-03-13 13:33 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-05-16 10:36 - 2018-03-13 13:30 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-05-16 10:36 - 2018-03-13 13:28 - 001157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-05-16 10:36 - 2018-03-13 13:28 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-05-16 10:36 - 2018-03-13 13:08 - 001555784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-05-16 10:36 - 2018-03-13 12:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-05-16 10:36 - 2018-03-01 13:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-16 10:36 - 2018-03-01 13:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-05-16 10:36 - 2018-02-22 08:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-05-16 10:36 - 2018-02-22 08:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-05-16 10:36 - 2018-02-10 14:08 - 000687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-05-16 10:36 - 2018-02-10 13:09 - 000559976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-05-16 10:36 - 2018-02-10 12:40 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-05-16 10:36 - 2018-02-10 12:37 - 003419136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-16 10:36 - 2018-02-10 10:59 - 000804240 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-05-16 10:36 - 2018-02-10 10:59 - 000804240 _____ C:\WINDOWS\system32\locale.nls
2018-05-16 10:36 - 2018-01-01 19:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-05-16 10:35 - 2018-05-03 15:56 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-05-16 10:35 - 2018-05-03 15:56 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-05-16 10:35 - 2018-05-03 15:48 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-05-16 10:35 - 2018-05-03 15:48 - 000793960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-16 10:35 - 2018-05-03 15:35 - 000358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-05-16 10:35 - 2018-05-03 14:43 - 000594056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-16 10:35 - 2018-05-03 14:29 - 000285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-05-16 10:35 - 2018-05-03 14:19 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-16 10:35 - 2018-05-03 14:14 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-05-16 10:35 - 2018-05-03 13:48 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-16 10:35 - 2018-04-16 05:49 - 000563632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-05-16 10:35 - 2018-04-16 05:33 - 001269616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-05-16 10:35 - 2018-04-16 05:29 - 001873944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2018-05-16 10:35 - 2018-04-16 05:28 - 000688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-16 10:35 - 2018-04-16 04:47 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-05-16 10:35 - 2018-04-16 04:36 - 001575896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2018-05-16 10:35 - 2018-04-16 04:36 - 000832648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-05-16 10:35 - 2018-04-16 04:11 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-05-16 10:35 - 2018-04-16 04:10 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-05-16 10:35 - 2018-04-16 04:08 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-05-16 10:35 - 2018-04-16 04:07 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-05-16 10:35 - 2018-04-16 04:07 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-05-16 10:35 - 2018-04-16 04:05 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-05-16 10:35 - 2018-04-16 04:04 - 000997376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-05-16 10:35 - 2018-04-16 04:04 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-05-16 10:35 - 2018-04-16 04:04 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-05-16 10:35 - 2018-04-16 04:03 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-05-16 10:35 - 2018-04-16 04:03 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-05-16 10:35 - 2018-04-16 04:03 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2018-05-16 10:35 - 2018-04-16 04:03 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-05-16 10:35 - 2018-04-16 04:00 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2018-05-16 10:35 - 2018-04-16 04:00 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2018-05-16 10:35 - 2018-03-30 13:03 - 000508272 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-05-16 10:35 - 2018-03-30 13:03 - 000479920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-05-16 10:35 - 2018-03-30 13:01 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-05-16 10:35 - 2018-03-30 12:54 - 000461728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-05-16 10:35 - 2018-03-30 12:52 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-05-16 10:35 - 2018-03-30 12:48 - 000614304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-05-16 10:35 - 2018-03-30 11:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-16 10:35 - 2018-03-30 11:30 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-05-16 10:35 - 2018-03-30 11:30 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-05-16 10:35 - 2018-03-30 11:29 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-05-16 10:35 - 2018-03-30 11:29 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-05-16 10:35 - 2018-03-30 11:28 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-05-16 10:35 - 2018-03-30 11:25 - 002083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-05-16 10:35 - 2018-03-13 14:53 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-05-16 10:35 - 2018-03-13 14:51 - 002773408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-05-16 10:35 - 2018-03-13 13:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-05-16 10:35 - 2018-03-13 13:31 - 001263104 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-05-16 10:35 - 2018-03-13 13:31 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-05-16 10:35 - 2018-03-13 13:30 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-05-16 10:35 - 2018-03-13 13:22 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-05-16 10:35 - 2018-03-13 12:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-05-16 10:35 - 2018-03-13 12:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-05-16 10:35 - 2018-03-13 12:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-05-16 10:35 - 2018-03-13 12:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-05-16 10:35 - 2018-03-02 11:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-05-16 10:35 - 2018-03-01 15:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-05-16 10:35 - 2018-03-01 15:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-05-16 10:35 - 2018-03-01 14:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-05-16 10:35 - 2018-03-01 13:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-05-16 10:35 - 2018-03-01 13:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-05-16 10:35 - 2018-03-01 13:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-05-16 10:35 - 2018-03-01 13:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-05-16 10:35 - 2018-02-10 14:18 - 001193192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-05-16 10:35 - 2018-02-10 14:12 - 004537040 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2018-05-16 10:35 - 2018-02-10 14:12 - 001313016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-05-16 10:35 - 2018-02-10 14:11 - 001029528 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-05-16 10:35 - 2018-02-10 14:09 - 000491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-05-16 10:35 - 2018-02-10 14:08 - 000096200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll
2018-05-16 10:35 - 2018-02-10 14:04 - 000339872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-05-16 10:35 - 2018-02-10 14:02 - 000628632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-05-16 10:35 - 2018-02-10 13:12 - 004382032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2018-05-16 10:35 - 2018-02-10 13:11 - 001250528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2018-05-16 10:35 - 2018-02-10 13:05 - 000551672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-05-16 10:35 - 2018-02-10 12:46 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-05-16 10:35 - 2018-02-10 12:44 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2018-05-16 10:35 - 2018-02-10 12:42 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-05-16 10:35 - 2018-02-10 12:42 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-05-16 10:35 - 2018-02-10 12:42 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2018-05-16 10:35 - 2018-02-10 12:42 - 000634880 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2018-05-16 10:35 - 2018-02-10 12:40 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2018-05-16 10:35 - 2018-02-10 12:38 - 006722560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2018-05-16 10:35 - 2018-02-10 12:35 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-05-16 10:35 - 2018-02-10 12:32 - 002427904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2018-05-16 10:35 - 2018-02-10 12:31 - 001488896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2018-05-16 10:35 - 2018-02-09 11:35 - 001002952 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2018-05-16 10:35 - 2018-02-02 11:36 - 000921032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2018-05-16 10:35 - 2018-01-01 19:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-05-16 10:35 - 2018-01-01 19:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-05-16 10:35 - 2018-01-01 19:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-05-16 10:34 - 2018-05-03 15:57 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-16 10:34 - 2018-05-03 15:43 - 000702568 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2018-05-16 10:34 - 2018-05-03 14:44 - 000595448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2018-05-16 10:34 - 2018-05-03 14:16 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-05-16 10:34 - 2018-05-03 14:15 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-16 10:34 - 2018-05-03 14:13 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-05-16 10:34 - 2018-05-03 14:12 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-16 10:34 - 2018-05-03 14:05 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-05-16 10:34 - 2018-05-03 13:57 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-16 10:34 - 2018-05-03 13:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-16 10:34 - 2018-04-16 05:25 - 000661920 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2018-05-16 10:34 - 2018-04-16 04:36 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-16 10:34 - 2018-04-16 04:11 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-05-16 10:34 - 2018-04-16 04:10 - 001576960 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-05-16 10:34 - 2018-04-16 04:10 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-05-16 10:34 - 2018-04-16 04:08 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-05-16 10:34 - 2018-04-16 04:07 - 000792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-05-16 10:34 - 2018-04-16 04:06 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-05-16 10:34 - 2018-04-16 04:05 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-05-16 10:34 - 2018-04-16 04:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-05-16 10:34 - 2018-04-16 04:03 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-05-16 10:34 - 2018-04-16 04:03 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-05-16 10:34 - 2018-04-16 04:01 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2018-05-16 10:34 - 2018-04-16 04:01 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-05-16 10:34 - 2018-04-16 04:01 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2018-05-16 10:34 - 2018-03-30 13:05 - 000191824 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-05-16 10:34 - 2018-03-30 12:53 - 000163744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-05-16 10:34 - 2018-03-30 12:27 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-05-16 10:34 - 2018-03-30 12:23 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-16 10:34 - 2018-03-30 12:07 - 001003160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-05-16 10:34 - 2018-03-30 12:04 - 000417368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110_win.dll
2018-05-16 10:34 - 2018-03-30 11:46 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-05-16 10:34 - 2018-03-30 11:32 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-05-16 10:34 - 2018-03-30 11:32 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-05-16 10:34 - 2018-03-30 11:31 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-05-16 10:34 - 2018-03-30 11:29 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-05-16 10:34 - 2018-03-30 11:29 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-05-16 10:34 - 2018-03-30 11:29 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-05-16 10:34 - 2018-03-30 11:29 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-05-16 10:34 - 2018-03-30 11:28 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-05-16 10:34 - 2018-03-30 11:27 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-16 10:34 - 2018-03-30 11:20 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-05-16 10:34 - 2018-03-30 11:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-05-16 10:34 - 2018-03-30 11:20 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-05-16 10:34 - 2018-03-13 14:54 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-05-16 10:34 - 2018-03-13 13:36 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2018-05-16 10:34 - 2018-03-13 13:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-05-16 10:34 - 2018-03-13 13:32 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-05-16 10:34 - 2018-03-13 13:30 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-05-16 10:34 - 2018-03-13 13:27 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-05-16 10:34 - 2018-03-13 12:37 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2018-05-16 10:34 - 2018-03-13 12:34 - 002409984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-05-16 10:34 - 2018-03-13 12:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-05-16 10:34 - 2018-03-01 15:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-05-16 10:34 - 2018-03-01 15:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-05-16 10:34 - 2018-03-01 14:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-05-16 10:34 - 2018-03-01 13:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-05-16 10:34 - 2018-03-01 13:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-05-16 10:34 - 2018-02-22 09:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-05-16 10:34 - 2018-02-22 09:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-05-16 10:34 - 2018-02-10 14:08 - 000398824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-05-16 10:34 - 2018-02-10 14:03 - 000706600 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-05-16 10:34 - 2018-02-10 13:17 - 000542856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-05-16 10:34 - 2018-02-10 13:10 - 000422592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-05-16 10:34 - 2018-02-10 13:05 - 000654456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-05-16 10:34 - 2018-02-10 13:03 - 000505160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2018-05-16 10:34 - 2018-02-10 12:50 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-05-16 10:34 - 2018-02-10 12:49 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-05-16 10:34 - 2018-02-10 12:49 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-05-16 10:34 - 2018-02-10 12:44 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2018-05-16 10:34 - 2018-02-10 12:44 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-05-16 10:34 - 2018-02-10 12:42 - 001113600 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2018-05-16 10:34 - 2018-02-10 12:42 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2018-05-16 10:34 - 2018-02-10 12:41 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-05-16 10:34 - 2018-02-10 12:40 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-05-16 10:34 - 2018-02-10 12:39 - 005500928 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-05-16 10:34 - 2018-02-10 12:38 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2018-05-16 10:34 - 2018-02-10 12:37 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-05-16 10:34 - 2018-02-10 12:37 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2018-05-16 10:34 - 2018-02-10 12:35 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2018-05-16 10:34 - 2018-02-02 11:36 - 000854976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2018-05-16 10:34 - 2018-01-01 19:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-05-16 10:34 - 2018-01-01 19:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-05-16 10:33 - 2018-05-03 15:49 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-05-16 10:33 - 2018-05-03 15:48 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-16 10:33 - 2018-05-03 15:37 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-05-16 10:33 - 2018-05-03 15:34 - 000070864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-05-16 10:33 - 2018-05-03 14:28 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-05-16 10:33 - 2018-05-03 14:16 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-16 10:33 - 2018-05-03 14:13 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-05-16 10:33 - 2018-05-03 14:08 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-16 10:33 - 2018-05-03 14:06 - 003630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-16 10:33 - 2018-05-03 14:05 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-16 10:33 - 2018-05-03 13:57 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2018-05-16 10:33 - 2018-05-03 13:49 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-16 10:33 - 2018-05-03 13:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-05-16 10:33 - 2018-04-16 06:03 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-05-16 10:33 - 2018-04-16 05:57 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-05-16 10:33 - 2018-04-16 05:29 - 000198440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2018-05-16 10:33 - 2018-04-16 05:25 - 000327008 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2018-05-16 10:33 - 2018-04-16 05:25 - 000092032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2018-05-16 10:33 - 2018-04-16 05:24 - 000063656 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2018-05-16 10:33 - 2018-04-16 04:38 - 000444280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-05-16 10:33 - 2018-04-16 04:34 - 000572312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2018-05-16 10:33 - 2018-04-16 04:34 - 000279472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2018-05-16 10:33 - 2018-04-16 04:34 - 000166408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2018-05-16 10:33 - 2018-04-16 04:34 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2018-05-16 10:33 - 2018-04-16 04:34 - 000052248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2018-05-16 10:33 - 2018-04-16 04:15 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2018-05-16 10:33 - 2018-04-16 04:14 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-05-16 10:33 - 2018-04-16 04:14 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-05-16 10:33 - 2018-04-16 04:14 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-05-16 10:33 - 2018-04-16 04:14 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-05-16 10:33 - 2018-04-16 04:11 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-05-16 10:33 - 2018-04-16 04:10 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-05-16 10:33 - 2018-04-16 04:10 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-05-16 10:33 - 2018-04-16 04:10 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-05-16 10:33 - 2018-04-16 04:10 - 000218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-05-16 10:33 - 2018-04-16 04:09 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-05-16 10:33 - 2018-04-16 04:08 - 000859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-05-16 10:33 - 2018-04-16 04:08 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2018-05-16 10:33 - 2018-04-16 04:08 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2018-05-16 10:33 - 2018-04-16 04:08 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2018-05-16 10:33 - 2018-04-16 04:08 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-05-16 10:33 - 2018-04-16 04:08 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-05-16 10:33 - 2018-04-16 04:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-05-16 10:33 - 2018-04-16 04:07 - 003367936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-05-16 10:33 - 2018-04-16 04:07 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-05-16 10:33 - 2018-04-16 04:07 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-05-16 10:33 - 2018-04-16 04:07 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-05-16 10:33 - 2018-04-16 04:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2018-05-16 10:33 - 2018-04-16 04:04 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-05-16 10:33 - 2018-04-16 04:04 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-05-16 10:33 - 2018-04-16 04:03 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2018-05-16 10:33 - 2018-04-16 04:02 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-05-16 10:33 - 2018-03-30 13:12 - 000270208 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2018-05-16 10:33 - 2018-03-30 13:12 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-05-16 10:33 - 2018-03-30 13:06 - 000053152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcw.sys
2018-05-16 10:33 - 2018-03-30 13:05 - 000066720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-05-16 10:33 - 2018-03-30 13:05 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-05-16 10:33 - 2018-03-30 13:05 - 000035744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDFHost.dll
2018-05-16 10:33 - 2018-03-30 13:05 - 000022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2018-05-16 10:33 - 2018-03-30 13:05 - 000022208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IumSdk.dll
2018-05-16 10:33 - 2018-03-30 13:03 - 000292384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-05-16 10:33 - 2018-03-30 13:03 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-05-16 10:33 - 2018-03-30 13:00 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2018-05-16 10:33 - 2018-03-30 13:00 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2018-05-16 10:33 - 2018-03-30 12:58 - 000039328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2018-05-16 10:33 - 2018-03-30 12:57 - 000121248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2018-05-16 10:33 - 2018-03-30 12:57 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-05-16 10:33 - 2018-03-30 12:57 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-05-16 10:33 - 2018-03-30 12:57 - 000031640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-05-16 10:33 - 2018-03-30 12:55 - 000367344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-05-16 10:33 - 2018-03-30 12:55 - 000062880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-05-16 10:33 - 2018-03-30 12:53 - 000094080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2018-05-16 10:33 - 2018-03-30 12:52 - 000282528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2018-05-16 10:33 - 2018-03-30 12:52 - 000247480 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2018-05-16 10:33 - 2018-03-30 12:52 - 000054688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2018-05-16 10:33 - 2018-03-30 12:52 - 000047512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2018-05-16 10:33 - 2018-03-30 12:52 - 000028520 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2018-05-16 10:33 - 2018-03-30 12:51 - 000125568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-05-16 10:33 - 2018-03-30 12:51 - 000123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2018-05-16 10:33 - 2018-03-30 12:51 - 000071208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-05-16 10:33 - 2018-03-30 12:50 - 000057760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-05-16 10:33 - 2018-03-30 12:49 - 000204184 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-05-16 10:33 - 2018-03-30 12:48 - 000586800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110_win.dll
2018-05-16 10:33 - 2018-03-30 12:28 - 000777912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-16 10:33 - 2018-03-30 12:18 - 000016600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshhyperv.dll
2018-05-16 10:33 - 2018-03-30 12:16 - 000289824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-05-16 10:33 - 2018-03-30 12:13 - 000450936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-05-16 10:33 - 2018-03-30 12:13 - 000073896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2018-05-16 10:33 - 2018-03-30 12:12 - 000186520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2018-05-16 10:33 - 2018-03-30 12:10 - 000099240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-05-16 10:33 - 2018-03-30 12:06 - 000180632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-05-16 10:33 - 2018-03-30 11:38 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-16 10:33 - 2018-03-30 11:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-16 10:33 - 2018-03-30 11:36 - 002014720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-05-16 10:33 - 2018-03-30 11:36 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-05-16 10:33 - 2018-03-30 11:33 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-05-16 10:33 - 2018-03-30 11:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-16 10:33 - 2018-03-30 11:32 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-05-16 10:33 - 2018-03-30 11:32 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-05-16 10:33 - 2018-03-30 11:30 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-05-16 10:33 - 2018-03-30 11:30 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-05-16 10:33 - 2018-03-30 11:29 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-05-16 10:33 - 2018-03-30 11:29 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-16 10:33 - 2018-03-30 11:27 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-05-16 10:33 - 2018-03-30 11:25 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-05-16 10:33 - 2018-03-30 11:23 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-05-16 10:33 - 2018-03-30 11:20 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-05-16 10:33 - 2018-03-13 14:59 - 000535968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-05-16 10:33 - 2018-03-13 14:58 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-05-16 10:33 - 2018-03-13 14:58 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-16 10:33 - 2018-03-13 14:55 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-05-16 10:33 - 2018-03-13 14:53 - 000143264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2018-05-16 10:33 - 2018-03-13 14:53 - 000113568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-05-16 10:33 - 2018-03-13 14:53 - 000091152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2018-05-16 10:33 - 2018-03-13 14:52 - 000172112 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2018-05-16 10:33 - 2018-03-13 14:50 - 000617312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-05-16 10:33 - 2018-03-13 13:36 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-05-16 10:33 - 2018-03-13 13:35 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-05-16 10:33 - 2018-03-13 13:34 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-05-16 10:33 - 2018-03-13 13:34 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-05-16 10:33 - 2018-03-13 13:30 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-05-16 10:33 - 2018-03-13 13:28 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-05-16 10:33 - 2018-03-13 13:26 - 001737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-05-16 10:33 - 2018-03-13 13:24 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-05-16 10:33 - 2018-03-13 13:23 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-05-16 10:33 - 2018-03-13 13:22 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2018-05-16 10:33 - 2018-03-13 13:07 - 000115104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-05-16 10:33 - 2018-03-13 13:06 - 000564640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2018-05-16 10:33 - 2018-03-13 13:04 - 000140592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2018-05-16 10:33 - 2018-03-13 12:40 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2018-05-16 10:33 - 2018-03-13 12:39 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-05-16 10:33 - 2018-03-13 12:39 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-05-16 10:33 - 2018-03-13 12:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-05-16 10:33 - 2018-03-13 12:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-05-16 10:33 - 2018-03-13 12:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-05-16 10:33 - 2018-03-13 12:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2018-05-16 10:33 - 2018-03-02 11:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-05-16 10:33 - 2018-03-01 15:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-05-16 10:33 - 2018-03-01 15:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-05-16 10:33 - 2018-03-01 14:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-05-16 10:33 - 2018-03-01 14:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-05-16 10:33 - 2018-03-01 13:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-05-16 10:33 - 2018-02-22 10:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-05-16 10:33 - 2018-02-22 09:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-05-16 10:33 - 2018-02-22 08:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-05-16 10:33 - 2018-02-22 08:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-05-16 10:33 - 2018-02-22 08:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-05-16 10:33 - 2018-02-10 14:18 - 000098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2018-05-16 10:33 - 2018-02-10 14:10 - 000154520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-05-16 10:33 - 2018-02-10 14:06 - 000100248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-05-16 10:33 - 2018-02-10 14:06 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-05-16 10:33 - 2018-02-10 14:05 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-05-16 10:33 - 2018-02-10 14:04 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-05-16 10:33 - 2018-02-10 14:04 - 000212880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-05-16 10:33 - 2018-02-10 14:03 - 000849304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-05-16 10:33 - 2018-02-10 14:03 - 000098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2018-05-16 10:33 - 2018-02-10 13:07 - 000123808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2018-05-16 10:33 - 2018-02-10 13:07 - 000089504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2018-05-16 10:33 - 2018-02-10 13:07 - 000083216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbrand.dll
2018-05-16 10:33 - 2018-02-10 13:05 - 000718232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-05-16 10:33 - 2018-02-10 13:05 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-05-16 10:33 - 2018-02-10 13:05 - 000193248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2018-05-16 10:33 - 2018-02-10 13:05 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-05-16 10:33 - 2018-02-10 13:05 - 000079256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceReactivation.dll
2018-05-16 10:33 - 2018-02-10 13:05 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-05-16 10:33 - 2018-02-10 12:46 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-05-16 10:33 - 2018-02-10 12:44 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-05-16 10:33 - 2018-02-10 12:44 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-05-16 10:33 - 2018-02-10 12:44 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-05-16 10:33 - 2018-02-10 12:43 - 000580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-05-16 10:33 - 2018-02-10 12:43 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2018-05-16 10:33 - 2018-02-10 12:42 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2018-05-16 10:33 - 2018-02-10 12:41 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2018-05-16 10:33 - 2018-02-10 12:41 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2018-05-16 10:33 - 2018-02-10 12:40 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2018-05-16 10:33 - 2018-02-10 12:40 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2018-05-16 10:33 - 2018-02-10 12:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2018-05-16 10:33 - 2018-02-10 12:39 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-05-16 10:33 - 2018-02-10 12:39 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2018-05-16 10:33 - 2018-02-10 12:38 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2018-05-16 10:33 - 2018-02-10 12:38 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2018-05-16 10:33 - 2018-02-10 12:36 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcomapi.dll
2018-05-16 10:33 - 2018-02-10 12:35 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-05-16 10:33 - 2018-02-10 12:34 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2018-05-16 10:33 - 2018-02-10 12:34 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2018-05-16 10:33 - 2018-02-10 12:33 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2018-05-16 10:33 - 2018-02-10 12:33 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-05-16 10:33 - 2018-02-10 12:33 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-05-16 10:33 - 2018-02-10 12:32 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2018-05-16 10:33 - 2018-02-10 12:31 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2018-05-16 10:33 - 2018-02-09 11:35 - 000892872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2018-05-16 10:33 - 2018-02-09 11:35 - 000065992 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2018-05-16 10:33 - 2018-02-02 11:36 - 000649672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2018-05-16 10:33 - 2018-02-02 11:36 - 000054720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2018-05-16 10:33 - 2018-01-01 19:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-05-16 10:33 - 2018-01-01 19:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-05-16 10:33 - 2018-01-01 19:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-05-16 10:32 - 2018-05-03 14:16 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-05-16 10:32 - 2018-05-03 14:16 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-16 10:32 - 2018-05-03 14:15 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-16 10:32 - 2018-05-03 14:04 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-05-16 10:32 - 2018-05-03 13:58 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-16 10:32 - 2018-05-03 13:57 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-16 10:32 - 2018-05-03 13:53 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-16 10:32 - 2018-05-03 13:50 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-16 10:32 - 2018-05-03 13:48 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-16 10:32 - 2018-05-03 13:47 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-05-16 10:32 - 2018-04-16 04:11 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2018-05-16 10:32 - 2018-04-16 04:11 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2018-05-16 10:32 - 2018-04-16 04:11 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2018-05-16 10:32 - 2018-04-16 04:11 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-05-16 10:32 - 2018-04-16 04:10 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-05-16 10:32 - 2018-04-16 04:10 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-05-16 10:32 - 2018-04-16 04:09 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2018-05-16 10:32 - 2018-04-16 04:08 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2018-05-16 10:32 - 2018-04-16 04:07 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-05-16 10:32 - 2018-04-16 04:07 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-05-16 10:32 - 2018-04-16 04:07 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2018-05-16 10:32 - 2018-04-16 04:07 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-05-16 10:32 - 2018-04-16 04:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-05-16 10:32 - 2018-04-16 04:07 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2018-05-16 10:32 - 2018-04-16 04:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2018-05-16 10:32 - 2018-04-16 04:06 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-05-16 10:32 - 2018-04-16 04:05 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2018-05-16 10:32 - 2018-04-16 04:05 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-05-16 10:32 - 2018-04-16 04:05 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-05-16 10:32 - 2018-04-16 04:04 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-05-16 10:32 - 2018-04-16 04:04 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2018-05-16 10:32 - 2018-04-16 04:04 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-05-16 10:32 - 2018-04-16 04:04 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-05-16 10:32 - 2018-04-16 04:04 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2018-05-16 10:32 - 2018-04-16 04:03 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll
2018-05-16 10:32 - 2018-04-16 04:03 - 002814976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-05-16 10:32 - 2018-04-16 04:03 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-05-16 10:32 - 2018-04-16 04:03 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2018-05-16 10:32 - 2018-04-16 04:03 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2018-05-16 10:32 - 2018-04-16 04:03 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2018-05-16 10:32 - 2018-04-16 04:00 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2018-05-16 10:32 - 2018-04-16 04:00 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2018-05-16 10:32 - 2018-04-16 04:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2018-05-16 10:32 - 2018-04-16 03:59 - 001332736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2018-05-16 10:32 - 2018-04-16 03:59 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-05-16 10:32 - 2018-04-16 03:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2018-05-16 10:32 - 2018-03-30 13:03 - 000139680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-05-16 10:32 - 2018-03-30 13:03 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-05-16 10:32 - 2018-03-30 13:01 - 000034208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys
2018-05-16 10:32 - 2018-03-30 12:56 - 000018680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2018-05-16 10:32 - 2018-03-30 11:44 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2018-05-16 10:32 - 2018-03-30 11:43 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-05-16 10:32 - 2018-03-30 11:43 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-05-16 10:32 - 2018-03-30 11:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-05-16 10:32 - 2018-03-30 11:41 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-05-16 10:32 - 2018-03-30 11:41 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-05-16 10:32 - 2018-03-30 11:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-05-16 10:32 - 2018-03-30 11:41 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-05-16 10:32 - 2018-03-30 11:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-16 10:32 - 2018-03-30 11:39 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-05-16 10:32 - 2018-03-30 11:38 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-05-16 10:32 - 2018-03-30 11:33 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-05-16 10:32 - 2018-03-30 11:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-05-16 10:32 - 2018-03-30 11:33 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapPeerProxy.dll
2018-05-16 10:32 - 2018-03-30 11:32 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2018-05-16 10:32 - 2018-03-30 11:32 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-05-16 10:32 - 2018-03-30 11:32 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-05-16 10:32 - 2018-03-30 11:32 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-05-16 10:32 - 2018-03-30 11:31 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2018-05-16 10:32 - 2018-03-30 11:30 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-05-16 10:32 - 2018-03-30 11:30 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-05-16 10:32 - 2018-03-30 11:30 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-05-16 10:32 - 2018-03-30 11:25 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2018-05-16 10:32 - 2018-03-30 11:23 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2018-05-16 10:32 - 2018-03-30 11:22 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-05-16 10:32 - 2018-03-30 11:20 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-05-16 10:32 - 2018-03-13 14:58 - 000441248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-05-16 10:32 - 2018-03-13 14:55 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-05-16 10:32 - 2018-03-13 14:52 - 000127136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2018-05-16 10:32 - 2018-03-13 13:37 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2018-05-16 10:32 - 2018-03-13 13:35 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2018-05-16 10:32 - 2018-03-13 13:33 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2018-05-16 10:32 - 2018-03-13 13:32 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-05-16 10:32 - 2018-03-13 13:31 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2018-05-16 10:32 - 2018-03-13 13:24 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2018-05-16 10:32 - 2018-03-13 13:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-05-16 10:32 - 2018-03-13 13:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-05-16 10:32 - 2018-03-13 12:39 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2018-05-16 10:32 - 2018-03-13 12:38 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlgpclnt.dll
2018-05-16 10:32 - 2018-03-13 12:37 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2018-05-16 10:32 - 2018-03-13 12:34 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-05-16 10:32 - 2018-03-13 12:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-05-16 10:32 - 2018-03-02 11:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-05-16 10:32 - 2018-03-02 11:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-05-16 10:32 - 2018-03-02 11:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-05-16 10:32 - 2018-03-02 04:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-05-16 10:32 - 2018-03-01 15:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-05-16 10:32 - 2018-03-01 13:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-05-16 10:32 - 2018-02-10 12:48 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-05-16 10:32 - 2018-02-10 12:47 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-16 10:32 - 2018-02-10 12:46 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2018-05-16 10:32 - 2018-02-10 12:46 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-05-16 10:32 - 2018-02-10 12:46 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2018-05-16 10:32 - 2018-02-10 12:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2018-05-16 10:32 - 2018-02-10 12:45 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2018-05-16 10:32 - 2018-02-10 12:45 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-05-16 10:32 - 2018-02-10 12:45 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-05-16 10:32 - 2018-02-10 12:44 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2018-05-16 10:32 - 2018-02-10 12:43 - 003756032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2018-05-16 10:32 - 2018-02-10 12:43 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2018-05-16 10:32 - 2018-02-10 12:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2018-05-16 10:32 - 2018-02-10 12:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCShellCommonProxyStub.dll
2018-05-16 10:32 - 2018-02-10 12:42 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-05-16 10:32 - 2018-02-10 12:42 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-05-16 10:32 - 2018-02-10 12:41 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-05-16 10:32 - 2018-02-10 12:41 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-05-16 10:32 - 2018-02-10 12:40 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-05-16 10:32 - 2018-02-10 12:40 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2018-05-16 10:32 - 2018-02-10 12:40 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2018-05-16 10:32 - 2018-02-10 12:40 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-05-16 10:32 - 2018-02-10 12:39 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2018-05-16 10:32 - 2018-02-10 12:39 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-05-16 10:32 - 2018-02-10 12:39 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2018-05-16 10:32 - 2018-02-10 12:38 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2018-05-16 10:32 - 2018-02-10 12:37 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\srchadmin.dll
2018-05-16 10:32 - 2018-02-10 12:36 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2018-05-16 10:32 - 2018-02-10 12:35 - 005388800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-05-16 10:32 - 2018-02-10 12:35 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2018-05-16 10:32 - 2018-02-10 12:33 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-05-16 10:32 - 2018-02-10 12:33 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-05-16 10:32 - 2018-02-10 12:33 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2018-05-16 10:32 - 2018-02-10 12:32 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2018-05-16 10:32 - 2018-01-01 20:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-05-16 10:32 - 2018-01-01 19:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-05-16 10:32 - 2018-01-01 19:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-05-16 10:32 - 2018-01-01 19:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-05-16 10:32 - 2018-01-01 19:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-05-16 10:32 - 2018-01-01 19:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-05-16 10:32 - 2018-01-01 19:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-05-16 10:32 - 2018-01-01 19:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-05-16 10:31 - 2018-05-03 14:18 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-16 10:31 - 2018-05-03 14:18 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-05-16 10:31 - 2018-05-03 14:16 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-05-16 10:31 - 2018-05-03 14:16 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-16 10:31 - 2018-05-03 14:15 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-05-16 10:31 - 2018-05-03 14:14 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-16 10:31 - 2018-05-03 14:14 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-05-16 10:31 - 2018-05-03 14:03 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-05-16 10:31 - 2018-05-03 14:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-05-16 10:31 - 2018-05-03 14:00 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-05-16 10:31 - 2018-05-03 13:56 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-05-16 10:31 - 2018-05-03 13:56 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-05-16 10:31 - 2018-05-03 13:55 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-16 10:31 - 2018-04-16 04:14 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-05-16 10:31 - 2018-04-16 04:14 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-05-16 10:31 - 2018-04-16 04:14 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-05-16 10:31 - 2018-04-16 04:13 - 000084992 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-05-16 10:31 - 2018-04-16 04:12 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2018-05-16 10:31 - 2018-04-16 04:10 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2018-05-16 10:31 - 2018-04-16 04:10 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2018-05-16 10:31 - 2018-04-16 04:09 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-05-16 10:31 - 2018-04-16 04:09 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-05-16 10:31 - 2018-04-16 04:09 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2018-05-16 10:31 - 2018-04-16 04:08 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2018-05-16 10:31 - 2018-04-16 04:07 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2018-05-16 10:31 - 2018-04-16 04:07 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-05-16 10:31 - 2018-04-16 04:07 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2018-05-16 10:31 - 2018-04-16 04:07 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2018-05-16 10:31 - 2018-04-16 04:06 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-05-16 10:31 - 2018-04-16 04:06 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2018-05-16 10:31 - 2018-04-16 04:04 - 002490880 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2018-05-16 10:31 - 2018-04-16 04:03 - 002462208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2018-05-16 10:31 - 2018-04-16 04:01 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-05-16 10:31 - 2018-04-16 04:01 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2018-05-16 10:31 - 2018-04-16 04:00 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-05-16 10:31 - 2018-04-16 04:00 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-05-16 10:31 - 2018-04-16 04:00 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-05-16 10:31 - 2018-04-16 03:58 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-05-16 10:31 - 2018-03-30 11:45 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-05-16 10:31 - 2018-03-30 11:44 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2018-05-16 10:31 - 2018-03-30 11:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-16 10:31 - 2018-03-30 11:43 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2018-05-16 10:31 - 2018-03-30 11:43 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2018-05-16 10:31 - 2018-03-30 11:43 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2018-05-16 10:31 - 2018-03-30 11:43 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2018-05-16 10:31 - 2018-03-30 11:43 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2018-05-16 10:31 - 2018-03-30 11:43 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2018-05-16 10:31 - 2018-03-30 11:43 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-16 10:31 - 2018-03-30 11:43 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2018-05-16 10:31 - 2018-03-30 11:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-05-16 10:31 - 2018-03-30 11:43 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2018-05-16 10:31 - 2018-03-30 11:43 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-05-16 10:31 - 2018-03-30 11:43 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2018-05-16 10:31 - 2018-03-30 11:43 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2018-05-16 10:31 - 2018-03-30 11:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2018-05-16 10:31 - 2018-03-30 11:42 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2018-05-16 10:31 - 2018-03-30 11:42 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-05-16 10:31 - 2018-03-30 11:42 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2018-05-16 10:31 - 2018-03-30 11:42 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-05-16 10:31 - 2018-03-30 11:42 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2018-05-16 10:31 - 2018-03-30 11:42 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2018-05-16 10:31 - 2018-03-30 11:42 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2018-05-16 10:31 - 2018-03-30 11:41 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2018-05-16 10:31 - 2018-03-30 11:40 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2018-05-16 10:31 - 2018-03-30 11:40 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-05-16 10:31 - 2018-03-30 11:40 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2018-05-16 10:31 - 2018-03-30 11:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2018-05-16 10:31 - 2018-03-30 11:39 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-05-16 10:31 - 2018-03-30 11:38 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-05-16 10:31 - 2018-03-30 11:36 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-05-16 10:31 - 2018-03-30 11:35 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2018-05-16 10:31 - 2018-03-30 11:35 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-05-16 10:31 - 2018-03-30 11:35 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-05-16 10:31 - 2018-03-30 11:35 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-05-16 10:31 - 2018-03-30 11:35 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-05-16 10:31 - 2018-03-30 11:35 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-05-16 10:31 - 2018-03-30 11:34 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2018-05-16 10:31 - 2018-03-30 11:33 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2018-05-16 10:31 - 2018-03-30 11:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irda.sys
2018-05-16 10:31 - 2018-03-30 11:33 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2018-05-16 10:31 - 2018-03-30 11:33 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2018-05-16 10:31 - 2018-03-30 11:33 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2018-05-16 10:31 - 2018-03-30 11:33 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-05-16 10:31 - 2018-03-30 11:33 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2018-05-16 10:31 - 2018-03-30 11:33 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2018-05-16 10:31 - 2018-03-30 11:33 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-05-16 10:31 - 2018-03-30 11:33 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2018-05-16 10:31 - 2018-03-30 11:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapAuthProxy.dll
2018-05-16 10:31 - 2018-03-30 11:33 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HyperVideo.sys
2018-05-16 10:31 - 2018-03-30 11:33 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2018-05-16 10:31 - 2018-03-30 11:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2018-05-16 10:31 - 2018-03-30 11:33 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2018-05-16 10:31 - 2018-03-30 11:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-05-16 10:31 - 2018-03-30 11:33 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2018-05-16 10:31 - 2018-03-30 11:33 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2018-05-16 10:31 - 2018-03-30 11:33 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-05-16 10:31 - 2018-03-30 11:33 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2018-05-16 10:31 - 2018-03-30 11:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-16 10:31 - 2018-03-30 11:32 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2018-05-16 10:31 - 2018-03-30 11:32 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2018-05-16 10:31 - 2018-03-30 11:32 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2018-05-16 10:31 - 2018-03-30 11:32 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\efslsaext.dll
2018-05-16 10:31 - 2018-03-30 11:32 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2018-05-16 10:31 - 2018-03-30 11:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys
2018-05-16 10:31 - 2018-03-30 11:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lltdio.sys
2018-05-16 10:31 - 2018-03-30 11:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2018-05-16 10:31 - 2018-03-30 11:32 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2018-05-16 10:31 - 2018-03-30 11:32 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdPnp.dll
2018-05-16 10:31 - 2018-03-30 11:32 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2018-05-16 10:31 - 2018-03-30 11:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2018-05-16 10:31 - 2018-03-30 11:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-05-16 10:31 - 2018-03-30 11:32 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2018-05-16 10:31 - 2018-03-30 11:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2018-05-16 10:31 - 2018-03-30 11:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2018-05-16 10:31 - 2018-03-30 11:32 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2018-05-16 10:31 - 2018-03-30 11:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-05-16 10:31 - 2018-03-30 11:31 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2018-05-16 10:31 - 2018-03-30 11:31 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2018-05-16 10:31 - 2018-03-30 11:31 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2018-05-16 10:31 - 2018-03-30 11:31 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-05-16 10:31 - 2018-03-30 11:31 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-05-16 10:31 - 2018-03-30 11:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2018-05-16 10:31 - 2018-03-30 11:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-05-16 10:31 - 2018-03-30 11:31 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2018-05-16 10:31 - 2018-03-30 11:31 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-05-16 10:31 - 2018-03-30 11:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-05-16 10:31 - 2018-03-30 11:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2018-05-16 10:31 - 2018-03-30 11:30 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-05-16 10:31 - 2018-03-30 11:30 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2018-05-16 10:31 - 2018-03-30 11:30 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-05-16 10:31 - 2018-03-30 11:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2018-05-16 10:31 - 2018-03-30 11:30 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-05-16 10:31 - 2018-03-30 11:29 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2018-05-16 10:31 - 2018-03-30 11:29 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-05-16 10:31 - 2018-03-30 11:29 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2018-05-16 10:31 - 2018-03-30 11:29 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2018-05-16 10:31 - 2018-03-30 11:28 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-05-16 10:31 - 2018-03-30 11:28 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2018-05-16 10:31 - 2018-03-30 11:28 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2018-05-16 10:31 - 2018-03-30 11:27 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-05-16 10:31 - 2018-03-30 11:27 - 000889856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-05-16 10:31 - 2018-03-30 11:27 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-05-16 10:31 - 2018-03-30 11:27 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2018-05-16 10:31 - 2018-03-30 11:25 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2018-05-16 10:31 - 2018-03-30 11:25 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2018-05-16 10:31 - 2018-03-30 11:23 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-05-16 10:31 - 2018-03-30 11:23 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-05-16 10:31 - 2018-03-30 11:22 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2018-05-16 10:31 - 2018-03-30 11:22 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys
2018-05-16 10:31 - 2018-03-30 11:20 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2018-05-16 10:31 - 2018-03-30 11:20 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-05-16 10:31 - 2018-03-30 11:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2018-05-16 10:31 - 2018-03-30 11:20 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys
2018-05-16 10:31 - 2018-03-13 13:38 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2018-05-16 10:31 - 2018-03-13 13:38 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2018-05-16 10:31 - 2018-03-13 13:37 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2018-05-16 10:31 - 2018-03-13 13:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-05-16 10:31 - 2018-03-13 13:35 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-05-16 10:31 - 2018-03-13 13:35 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-05-16 10:31 - 2018-03-13 13:35 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-05-16 10:31 - 2018-03-13 13:35 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlgpclnt.dll
2018-05-16 10:31 - 2018-03-13 13:34 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-05-16 10:31 - 2018-03-13 13:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2018-05-16 10:31 - 2018-03-13 13:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-05-16 10:31 - 2018-03-13 13:32 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-05-16 10:31 - 2018-03-13 13:31 - 002849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-05-16 10:31 - 2018-03-13 13:31 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2018-05-16 10:31 - 2018-03-13 13:26 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-05-16 10:31 - 2018-03-13 13:25 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2018-05-16 10:31 - 2018-03-13 12:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-05-16 10:31 - 2018-03-13 12:39 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-05-16 10:31 - 2018-03-13 12:37 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2018-05-16 10:31 - 2018-03-13 12:37 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-05-16 10:31 - 2018-03-13 12:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-05-16 10:31 - 2018-03-13 12:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-05-16 10:31 - 2018-03-13 12:31 - 001348608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-05-16 10:31 - 2018-03-01 13:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-05-16 10:31 - 2018-03-01 13:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-05-16 10:31 - 2018-02-10 12:48 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-05-16 10:31 - 2018-02-10 12:45 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2018-05-16 10:31 - 2018-02-10 12:45 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EnterpriseAppMgmtClient.dll
2018-05-16 10:31 - 2018-02-10 12:43 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsku.dll
2018-05-16 10:31 - 2018-02-10 12:43 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-05-16 10:31 - 2018-02-10 12:43 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2018-05-16 10:31 - 2018-02-10 12:42 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2018-05-16 10:31 - 2018-02-10 12:42 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2018-05-16 10:31 - 2018-02-10 12:42 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContent.dll
2018-05-16 10:31 - 2018-02-10 12:42 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2018-05-16 10:31 - 2018-02-10 12:42 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rshx32.dll
2018-05-16 10:31 - 2018-02-10 12:42 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
2018-05-16 10:31 - 2018-02-10 12:41 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2018-05-16 10:31 - 2018-02-10 12:41 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2018-05-16 10:31 - 2018-02-10 12:41 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2018-05-16 10:31 - 2018-02-10 12:40 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-05-16 10:31 - 2018-02-10 12:40 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-05-16 10:31 - 2018-02-10 12:40 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2018-05-16 10:31 - 2018-02-10 12:40 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-05-16 10:31 - 2018-02-10 12:39 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysdm.cpl
2018-05-16 10:31 - 2018-02-10 12:39 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regsvr32.exe
2018-05-16 10:31 - 2018-02-10 12:38 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll
2018-05-16 10:31 - 2018-02-10 12:37 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2018-05-16 10:31 - 2018-02-10 12:35 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2018-05-16 10:31 - 2018-02-10 12:35 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srchadmin.dll
2018-05-16 10:31 - 2018-02-10 12:34 - 006532096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2018-05-16 10:31 - 2018-02-10 12:34 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-05-16 10:31 - 2018-02-10 12:33 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-05-16 10:31 - 2018-02-10 12:32 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.ProxyStub.dll
2018-05-16 10:31 - 2018-02-10 12:31 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcbase.dll
2018-05-16 10:31 - 2018-01-01 19:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-05-16 10:31 - 2018-01-01 19:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-05-16 10:31 - 2018-01-01 19:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-05-16 10:31 - 2018-01-01 19:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-05-16 10:31 - 2018-01-01 19:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-05-16 10:31 - 2018-01-01 19:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-05-16 10:31 - 2018-01-01 19:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-05-16 10:31 - 2018-01-01 19:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-05-16 10:30 - 2018-05-03 14:16 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-16 10:30 - 2018-05-03 14:03 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-05-16 10:30 - 2018-05-03 14:03 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-05-16 10:30 - 2018-05-03 13:57 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-16 10:30 - 2018-03-30 11:43 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-05-16 10:30 - 2018-03-30 11:40 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2018-05-16 10:30 - 2018-03-30 11:33 - 000707584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-05-16 10:30 - 2018-03-30 11:33 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimeprovider.dll
2018-05-16 10:30 - 2018-03-30 11:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysntfy.dll
2018-05-16 10:30 - 2018-03-30 11:33 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2018-05-16 10:30 - 2018-03-30 11:33 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-05-16 10:30 - 2018-03-30 11:32 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2018-05-16 10:30 - 2018-03-30 11:32 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2018-05-16 10:30 - 2018-03-30 11:32 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2018-05-16 10:30 - 2018-03-30 11:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmiprop.dll
2018-05-16 10:30 - 2018-03-30 11:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWNet.dll
2018-05-16 10:30 - 2018-03-30 11:32 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfhost.exe
2018-05-16 10:30 - 2018-03-30 11:31 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-05-16 10:30 - 2018-03-30 11:31 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2018-05-16 10:30 - 2018-03-30 11:31 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2018-05-16 10:30 - 2018-03-30 11:20 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPnp.dll
2018-05-16 10:30 - 2018-03-30 11:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2018-05-16 10:30 - 2018-03-30 11:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2018-05-16 10:30 - 2018-02-10 12:46 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2018-05-16 09:46 - 2018-05-04 17:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-05-16 00:29 - 2018-05-16 00:30 - 018045974 _____ C:\Users\elloisemanuel\Downloads\Knowledge-and-Strategy-Knowledge-Reader-.pdf
2018-05-15 21:22 - 2018-05-15 21:26 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-15 21:22 - 2018-05-15 21:22 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-15 21:19 - 2018-05-15 21:19 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-15 21:09 - 2018-05-15 21:09 - 000000000 ____D C:\WINDOWS\system32\th
2018-05-15 20:56 - 2018-05-15 20:56 - 000000000 ____D C:\WINDOWS\vi-VN
2018-05-15 20:52 - 2018-05-15 20:52 - 000000000 ____D C:\WINDOWS\hi-IN
2018-05-15 20:47 - 2018-05-15 20:47 - 000000000 ____D C:\WINDOWS\id-ID
2018-05-15 20:39 - 2018-05-31 18:05 - 000581418 _____ C:\WINDOWS\system32\prfh0804.dat
2018-05-15 20:39 - 2018-05-31 18:05 - 000190684 _____ C:\WINDOWS\system32\prfc0804.dat
2018-05-15 20:39 - 2018-05-15 20:39 - 000113218 _____ C:\WINDOWS\system32\prfi0804.dat
2018-05-15 20:39 - 2018-05-15 20:39 - 000033402 _____ C:\WINDOWS\system32\prfd0804.dat
2018-05-15 20:39 - 2018-05-15 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\zh-HANS
2018-05-15 20:39 - 2018-05-15 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-05-15 20:39 - 2018-05-15 20:39 - 000000000 ____D C:\WINDOWS\system32\zh-HANS
2018-05-15 20:16 - 2018-05-15 20:16 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-15 20:16 - 2018-05-15 20:16 - 000000000 ____D C:\Program Files\MSBuild
2018-05-15 20:16 - 2018-05-15 20:16 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-15 20:16 - 2018-05-15 20:16 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-15 20:15 - 2017-09-29 07:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-15 20:15 - 2017-09-29 07:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-15 20:15 - 2017-09-29 07:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-15 20:15 - 2017-09-23 10:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-15 20:15 - 2017-09-23 10:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-15 20:15 - 2017-09-23 10:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-15 07:59 - 2018-05-15 07:59 - 000000000 ____D C:\Users\elloisemanuel\AppData\Local\DBG
2018-05-15 07:58 - 2018-05-15 07:58 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-15 07:56 - 2018-05-15 07:56 - 000000000 ___HD C:\Users\elloisemanuel\MicrosoftEdgeBackups
2018-05-15 07:52 - 2018-05-17 04:13 - 000000000 ___RD C:\Users\elloisemanuel\3D Objects
2018-05-15 07:50 - 2018-05-15 07:50 - 000000020 ___SH C:\Users\elloisemanuel\ntuser.ini
2018-05-15 07:37 - 2018-05-31 22:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-15 07:37 - 2018-05-19 23:13 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-15 07:37 - 2018-05-19 23:13 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-15 07:37 - 2018-05-17 17:33 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-15 07:37 - 2018-05-15 07:53 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-05-15 07:37 - 2018-05-15 07:38 - 000003308 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87AED3EA-8A3F-47D4-BA47-EEADC7E7B8F3}
2018-05-15 07:37 - 2018-05-15 07:38 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-05-15 07:37 - 2018-05-15 07:38 - 000003026 _____ C:\WINDOWS\System32\Tasks\WpsExternal_20161114023648
2018-05-15 07:37 - 2018-05-15 07:38 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2018-05-15 07:37 - 2018-05-15 07:38 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-743433023-1376000779-2915324046-1001
2018-05-15 07:37 - 2018-05-15 07:38 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-05-15 07:37 - 2018-05-15 07:38 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2018-05-15 07:37 - 2018-05-15 07:37 - 000003268 _____ C:\WINDOWS\System32\Tasks\WpsKtpcntrQingTask_Administrator
2018-05-15 07:37 - 2018-05-15 07:37 - 000003194 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-15 07:37 - 2018-05-15 07:37 - 000002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2018-05-15 07:37 - 2018-05-15 07:37 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2018-05-15 07:37 - 2018-05-15 07:37 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2018-05-15 07:37 - 2018-05-15 07:37 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-05-15 07:37 - 2018-05-15 07:37 - 000001984 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2018-05-15 07:37 - 2018-05-15 07:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
2018-05-15 07:37 - 2018-05-15 07:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2018-05-15 07:36 - 2018-05-15 07:37 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2018-05-15 07:36 - 2018-05-15 07:37 - 000015243 _____ C:\WINDOWS\diagerr.xml
2018-05-15 07:34 - 2018-05-15 07:34 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-15 07:30 - 2018-05-15 07:30 - 000000000 ____D C:\ProgramData\USOShared
2018-05-15 07:25 - 2018-05-31 18:05 - 001588088 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-15 07:10 - 2018-05-15 07:10 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-15 07:09 - 2018-05-15 07:09 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2018-05-15 07:08 - 2018-05-16 11:24 - 000000000 ____D C:\Users\elloisemanuel\AppData\Local\Packages
2018-05-15 07:08 - 2018-05-15 07:08 - 000000000 ____D C:\Users\EeMnl\AppData\Local\Packages
2018-05-15 07:07 - 2018-05-25 13:37 - 000000000 ____D C:\Users\elloisemanuel
2018-05-15 07:07 - 2018-05-15 07:32 - 000000000 ____D C:\Users\defaultuser0
2018-05-15 07:07 - 2018-05-15 07:26 - 000000000 ____D C:\Users\EeMnl
2018-05-15 05:36 - 2018-03-13 13:02 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-15 05:32 - 2018-05-31 19:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-15 05:32 - 2018-05-31 16:58 - 000422656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-14 21:48 - 2018-05-14 21:48 - 008912475 _____ C:\Users\elloisemanuel\Downloads\Creating-Value-from-Mergers-and-Acquisitions-The-Challenges-.pdf
2018-05-14 12:43 - 2018-05-14 12:43 - 000000000 ____D C:\Users\elloisemanuel\AppData\Roaming\TeamViewer
2018-05-11 12:36 - 2018-05-11 12:36 - 000000000 ____D C:\Users\elloisemanuel\AppData\Local\nesotene
2018-05-11 12:36 - 2018-05-11 12:36 - 000000000 ____D C:\Users\elloisemanuel\AppData\Local\{2D801BDC-0928-7764-64B0-528C40D8AE14}
2018-05-11 09:55 - 2018-05-11 09:55 - 000017675 _____ C:\Users\elloisemanuel\Downloads\Table A.1 Q42017.xlsx
2018-05-10 17:25 - 2018-05-10 17:25 - 000107211 _____ C:\Users\elloisemanuel\Downloads\Fiesta-2.pdf
2018-05-10 17:09 - 2018-05-10 17:10 - 000408738 _____ C:\Users\elloisemanuel\Downloads\MANUEL.pdf
2018-05-08 17:45 - 2018-05-08 17:45 - 000000000 ____D C:\Users\elloisemanuel\AppData\Roaming\vlc
2018-05-08 11:05 - 2018-05-08 11:05 - 000000000 ____D C:\Users\elloisemanuel\Downloads\OpenSolver2.9.0_LinearWin
2018-05-04 11:21 - 2018-05-15 07:51 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-03 16:46 - 2018-05-13 22:47 - 000607640 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2018-05-03 16:10 - 2018-05-03 16:10 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-05-03 09:07 - 2018-04-27 17:11 - 000110960 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs2356.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-01 00:23 - 2018-04-29 13:01 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-05-31 22:40 - 2017-09-29 16:45 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
2018-05-31 22:28 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-31 22:25 - 2017-02-26 23:52 - 000000200 _____ C:\Users\elloisemanuel\AppData\Roaming\sp_data.sys
2018-05-31 22:16 - 2017-02-26 23:49 - 000000000 __SHD C:\Users\elloisemanuel\IntelGraphicsProfiles
2018-05-31 22:13 - 2017-09-29 16:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-05-31 18:22 - 2017-09-29 21:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-31 18:22 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-30 13:38 - 2017-09-29 21:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-30 13:36 - 2017-02-27 00:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-29 14:22 - 2018-05-01 22:24 - 000007871 _____ C:\WINDOWS\BRRBCOM.INI
2018-05-27 17:49 - 2018-04-30 15:37 - 000000000 ____D C:\Users\elloisemanuel\AppData\Local\Spotify
2018-05-27 17:24 - 2018-04-30 15:34 - 000000000 ____D C:\Users\elloisemanuel\AppData\Roaming\Spotify
2018-05-27 11:33 - 2017-09-29 21:44 - 000000000 ____D C:\WINDOWS\INF
2018-05-27 11:27 - 2017-02-26 22:42 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-24 16:41 - 2018-04-29 12:46 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-05-22 16:51 - 2017-09-29 22:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-22 16:51 - 2017-09-29 22:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-22 16:51 - 2017-09-29 22:42 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-05-22 16:51 - 2017-09-29 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-18 22:32 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\rescache
2018-05-18 10:50 - 2018-04-20 15:33 - 000001196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive File Stream.lnk
2018-05-17 17:32 - 2017-08-06 19:21 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-17 09:41 - 2017-08-06 19:10 - 000002329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-17 04:13 - 2017-02-26 22:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-17 02:10 - 2017-09-29 21:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-05-17 02:10 - 2017-09-29 21:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-17 02:10 - 2017-09-29 21:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-05-17 02:10 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-17 02:10 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-05-17 02:10 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-17 02:10 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-05-17 02:09 - 2017-09-29 21:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-17 02:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-17 02:09 - 2017-09-29 16:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-05-17 02:08 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-05-17 02:08 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-17 02:08 - 2017-09-29 16:45 - 000000000 ____D C:\WINDOWS\servicing
2018-05-17 02:07 - 2017-09-29 21:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-17 02:07 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-16 09:31 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-15 21:30 - 2017-09-29 21:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-15 21:26 - 2018-04-29 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2018-05-15 21:26 - 2018-04-29 13:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-15 21:26 - 2018-01-04 12:15 - 000000000 ____D C:\Program Files\UNP
2018-05-15 21:26 - 2017-09-29 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-05-15 21:26 - 2017-09-29 22:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-05-15 21:26 - 2017-09-29 21:49 - 000000000 ____D C:\WINDOWS\Setup
2018-05-15 21:26 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-15 21:26 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-15 21:26 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-15 21:26 - 2017-09-29 21:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-15 21:26 - 2017-08-13 23:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-15 21:26 - 2017-08-10 22:11 - 000000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2018-05-15 21:26 - 2017-08-10 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series
2018-05-15 21:26 - 2017-08-07 08:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-15 21:26 - 2017-08-05 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-05-15 21:26 - 2017-02-26 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-05-15 21:26 - 2017-02-26 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-05-15 21:26 - 2017-02-26 22:52 - 000000000 ____D C:\Program Files\AMD
2018-05-15 21:26 - 2017-02-26 22:42 - 000000000 ____D C:\Program Files\Intel
2018-05-15 21:26 - 2016-11-14 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
2018-05-15 21:26 - 2016-07-16 19:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-15 21:23 - 2017-02-26 22:54 - 000000000 ____D C:\WINDOWS\system32\Intel
2018-05-15 21:22 - 2017-02-26 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2018-05-15 21:22 - 2017-02-26 22:55 - 000000000 ____D C:\Program Files\Realtek
2018-05-15 21:09 - 2017-09-29 21:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-05-15 21:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-05-15 21:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-05-15 21:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-15 21:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\IME
2018-05-15 21:09 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\Help
2018-05-15 21:09 - 2017-09-29 21:46 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-15 21:09 - 2017-09-29 21:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-05-15 21:09 - 2017-09-29 21:46 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-15 21:09 - 2017-09-29 21:46 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-05-15 20:56 - 2017-09-29 22:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-15 20:52 - 2017-09-29 22:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-05-15 20:47 - 2017-09-29 22:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-15 20:39 - 2017-09-29 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-05-15 20:39 - 2017-09-29 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-05-15 20:39 - 2017-09-29 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-05-15 20:39 - 2017-09-29 22:41 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-05-15 20:39 - 2017-09-29 22:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-05-15 20:39 - 2017-09-29 22:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-05-15 20:39 - 2017-09-29 21:46 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-05-15 20:39 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-05-15 20:39 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-05-15 20:39 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-05-15 20:39 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-05-15 20:39 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\com
2018-05-15 07:53 - 2017-02-26 23:49 - 000000000 ____D C:\Users\elloisemanuel\AppData\Local\TileDataLayer
2018-05-15 07:38 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-15 07:35 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\Registration
2018-05-15 07:35 - 2017-02-26 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2018-05-15 07:33 - 2017-09-29 21:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-15 07:30 - 2017-09-29 21:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-15 07:16 - 2017-08-07 08:42 - 000000000 ____D C:\Users\EeMnl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-15 07:06 - 2017-09-29 16:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-05-15 07:05 - 2017-02-26 22:56 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-05-15 07:04 - 2017-02-26 22:55 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-05-15 07:04 - 2017-02-26 22:55 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-05-15 05:39 - 2017-02-26 22:47 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-05-15 00:51 - 2018-04-15 13:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-14 12:52 - 2018-02-19 22:03 - 000000000 ___HD C:\$GetCurrent
2018-05-13 22:48 - 2018-04-29 13:12 - 000246064 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2018-05-13 22:47 - 2018-04-29 13:16 - 000023032 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2018-05-13 22:46 - 2018-04-29 13:11 - 000152648 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2018-05-13 22:45 - 2018-04-29 13:12 - 001723552 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2018-05-13 22:44 - 2018-04-29 13:12 - 001177008 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2018-05-13 22:43 - 2018-04-29 13:12 - 000189544 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2018-05-09 19:24 - 2018-01-31 21:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-09 18:44 - 2018-01-31 21:06 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-09 18:44 - 2018-01-31 21:06 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-03 14:50 - 2018-01-04 09:45 - 000000000 ____D C:\Program Files\rempl
 
==================== Files in the root of some directories =======
 
2017-02-26 23:52 - 2018-05-31 22:25 - 000000200 _____ () C:\Users\elloisemanuel\AppData\Roaming\sp_data.sys
2018-05-29 00:03 - 2018-05-29 00:03 - 000000134 _____ () C:\Users\elloisemanuel\AppData\Roaming\WB.CFG
2018-05-31 16:27 - 2018-05-31 20:55 - 000007608 _____ () C:\Users\elloisemanuel\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-05-31 23:25 - 2018-04-16 05:49 - 001954056 _____ (Microsoft Corporation) C:\Users\elloisemanuel\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-25 11:41
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by elloisemanuel (01-06-2018 00:25:21)
Running from C:\Users\elloisemanuel\Downloads
Windows 10 Home Single Language Version 1709 16299.431 (X64) (2018-05-14 23:45:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-743433023-1376000779-2915324046-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-743433023-1376000779-2915324046-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-743433023-1376000779-2915324046-1000 - Limited - Disabled) => C:\Users\defaultuser0
EeMnl (S-1-5-21-743433023-1376000779-2915324046-1002 - Administrator - Enabled) => C:\Users\EeMnl
elloisemanuel (S-1-5-21-743433023-1376000779-2915324046-1001 - Administrator - Enabled) => C:\Users\elloisemanuel
Guest (S-1-5-21-743433023-1376000779-2915324046-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-743433023-1376000779-2915324046-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0045 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.1.18 - ICEpower a/s)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 22.0.10.78 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.11.16 - Bitdefender)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - Canon Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{D9B8DA27-8B63-4D3F-D3C0-15B547DB7ECF}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{77826314-4CDF-403C-E9A0-B02F7E718348}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{26BC7F2F-B45F-AB82-3EFA-C4C5D97738A0}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{923DC0BC-4D69-8B4E-15F3-9E9D86557208}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{A3AD7F1E-29DF-5AEE-F7D9-A9C265414BC6}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E296D645-6D0B-B625-DB32-E059316418D5}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{D7E5D50B-F4AD-28D0-BFDF-ED1DAF4BF67B}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{68A1B05D-FAA0-C4C5-DB3C-4EC0B28F019F}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A4239511-0386-A0C5-EF82-637AE9244B44}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{6F02AE57-33DD-37B5-C054-B1E04FD44319}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{77841F33-A122-CBA3-80BD-E418551C70F4}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{2FCD8B44-2BDA-CC12-29BE-F69EF35BE695}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{F59F8C4A-5FD3-0DC7-4BAC-724197BA2F0B}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{33118031-BB9D-A03F-CBD5-F443EF40DED3}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{81BEB7F2-865C-E71B-3BA7-F6A278433D60}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{9DF58308-CEA8-9B01-D6AA-C5D72CE269E5}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{13F16E3B-BC83-BDE7-F95D-D4DBD3BF2908}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E2C9ADA9-BF56-58D1-9EBD-735FFE827712}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{CD22C742-AD28-5439-EA01-705F653ED987}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{F5388EDB-EAA4-A6C4-6412-1910203F7D09}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{C06AE332-CDB1-9F86-F7C3-3C0140719F43}) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 25.252.289.1553 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.9226.2156 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.886.030716 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.27054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0286 - REALTEK Semiconductor Corp.)
RogueKiller version 12.12.19.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.19.0 - Adlice Software)
Spotify (HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DA171DF3-18B3-446E-BCA6-C08069850FD2}) (Version: 2.36.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0) (Version: 1.0.21.0 - LunarG, Inc.)
Windows Driver Package - ASUS (AsusSGDrv) Mouse  (05/16/2016 8.1.0.25) (HKLM\...\D89F0D5D3B27F2341D1C13A1033A3DCE3DCCA9EC) (Version: 05/16/2016 8.1.0.25 - ASUS)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-743433023-1376000779-2915324046-1001_Classes\CLSID\{7CB4D2F7-77AE-4A08-9BDF-21370FF8D6BD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll (Google, Inc.)
CustomCLSID: HKU\S-1-5-21-743433023-1376000779-2915324046-1001_Classes\CLSID\{96836CC1-31EA-4F1C-A7F4-D67863D5D4FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll (Google, Inc.)
CustomCLSID: HKU\S-1-5-21-743433023-1376000779-2915324046-1001_Classes\CLSID\{9EE0C242-8973-456D-B382-0752476703FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll (Google, Inc.)
CustomCLSID: HKU\S-1-5-21-743433023-1376000779-2915324046-1001_Classes\CLSID\{B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll (Google, Inc.)
CustomCLSID: HKU\S-1-5-21-743433023-1376000779-2915324046-1001_Classes\CLSID\{C9F7D7A1-D13F-4C72-9AB0-06FDC65AA931}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll (Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {7CB4D2F7-77AE-4A08-9BDF-21370FF8D6BD} => C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll [2018-05-16] (Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {C9F7D7A1-D13F-4C72-9AB0-06FDC65AA931} => C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll [2018-05-16] (Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {96836CC1-31EA-4F1C-A7F4-D67863D5D4FD} => C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll [2018-05-16] (Google, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-09-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b05899eb193fc33e\igfxDTCM.dll [2016-12-07] (Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-743433023-1376000779-2915324046-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll [2018-05-16] (Google, Inc.)
ContextMenuHandlers4_S-1-5-21-743433023-1376000779-2915324046-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll [2018-05-16] (Google, Inc.)
ContextMenuHandlers5_S-1-5-21-743433023-1376000779-2915324046-1001: [DriveFS] -> {B53FB4A1-B6BB-4F9B-AAA8-8704FBC1BE25} => C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefsext.dll [2018-05-16] (Google, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09F44B78-D0C2-4D5C-82DF-27C6AFAA9D39} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-06] (Google Inc.)
Task: {0BFE0E8E-2259-4509-A74B-563D6651CBD8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-06] (Google Inc.)
Task: {0D684226-CFE4-4D4A-8541-0D0A823EE95C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-13] (Piriform Ltd)
Task: {172BE24D-52AA-4A1A-9D0B-82CEA505BDAB} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [2016-11-14] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {268505FE-E178-452C-92FA-3601798A8771} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-08-19] (Realtek Semiconductor)
Task: {304C3CCC-E069-4CEB-97B0-7C10824FF87E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-13] (Piriform Ltd)
Task: {346F6230-845A-49D8-9DC8-4DB8B90560D5} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-23] (ASUSTek Computer Inc.)
Task: {3EDF20CA-5455-4AE3-A9A2-BB1D71E3AF88} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-27] (Intel® Corporation)
Task: {3F1572B1-9FB0-4CBD-93A5-F4BBA60F228D} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe [2018-05-04] (Microsoft Corporation)
Task: {469F9A9A-41A1-44AF-A073-0B02B4366566} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT-KB890830.exe [2018-05-09] (Microsoft Corporation)
Task: {4D35E9D6-2F13-4F19-94A1-9D0147CA4C2F} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-23] (ASUSTek Computer Inc.)
Task: {502F7378-EE68-47A0-B167-F400972F7600} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-19] (Microsoft Corporation)
Task: {58DC61D8-7C16-4596-8729-66DACB665384} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-10-13] (ASUS)
Task: {5CF04BCC-319C-4D5D-AB40-1FF400CAD200} - System32\Tasks\WpsExternal_20161114023648 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2016-11-14] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {659BBE7E-EFA0-4075-A965-524772489BF3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {766AA44C-2036-44F0-8F0C-8FD67D2736AF} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {7E1FF9C5-497C-4CFC-A0A7-970786E1567C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-19] (Realtek Semiconductor)
Task: {860D6D03-A36E-473E-871B-DE0E6A4CA2D7} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-02-24] (ASUSTek Computer Inc.)
Task: {8C223AE5-B7AE-481C-AE98-94B4F414D505} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-05-16] (Bitdefender)
Task: {92097617-FE9B-43F8-B82B-9CC932D1CC07} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {93E70AEB-2C00-47E6-B5DF-3CC72C1EC639} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {96E024A3-ABE7-4EA8-9FA8-1D14CA3A42B1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {998C62F7-53CC-4583-8426-A484F13C2761} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2016-05-17] (AsusTek)
Task: {A5EC497B-47E1-401B-B9CE-EB2E4A25E578} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B3B2D967-ED80-4089-9931-201625A7B328} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-07-08] (ASUSTek COMPUTER INC.)
Task: {D3843407-7A1B-4645-A90A-054717178181} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-19] (Microsoft Corporation)
Task: {E325C323-30E1-492F-B3AC-4EF743F4F8F3} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2017-07-03] (ASUSTek Computer Inc)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\WpsExternal_20161114023648.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> -disable-gpu
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 21:41 - 2017-09-29 21:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-05-03 16:46 - 2018-05-13 22:43 - 000278280 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-05-09 11:29 - 2018-05-09 11:29 - 000992704 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttpbr.mdl
2018-05-09 11:29 - 2018-05-09 11:29 - 000543344 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttpdsp.mdl
2018-05-09 11:29 - 2018-05-09 11:29 - 003228632 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttpph.mdl
2018-05-09 11:29 - 2018-05-09 11:29 - 001527808 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttprbl.mdl
2018-05-23 10:58 - 2018-05-23 11:00 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-23 10:58 - 2018-05-23 11:00 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-23 10:58 - 2018-05-23 11:01 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-23 10:58 - 2018-05-23 11:00 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-18 10:50 - 2018-05-16 09:08 - 002519800 _____ () C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefs_common_icuuc.dll
2018-05-18 10:50 - 2018-05-16 09:08 - 003299576 _____ () C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefs_icui18n.dll
2018-05-18 10:50 - 2018-05-16 09:08 - 003843832 _____ () C:\Program Files\Google\Drive File Stream\25.252.289.1553\drivefs_cc_icu_data_library_core.dll
2018-05-16 10:40 - 2018-02-22 08:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-05-16 10:40 - 2018-02-22 08:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-17 09:41 - 2018-05-15 11:13 - 002666328 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\swiftshader\libglesv2.dll
2018-05-17 09:41 - 2018-05-15 11:13 - 000127320 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\swiftshader\libegl.dll
2018-05-18 10:50 - 2018-05-16 09:08 - 096082680 _____ () C:\Program Files\Google\Drive File Stream\25.252.289.1553\libcef.dll
2018-05-18 10:50 - 2018-05-16 09:08 - 001771768 _____ () C:\Program Files\Google\Drive File Stream\25.252.289.1553\crashpad_handler.exe
2018-05-18 10:50 - 2018-05-16 09:08 - 004152568 _____ () C:\Program Files\Google\Drive File Stream\25.252.289.1553\libglesv2.dll
2018-05-18 10:50 - 2018-05-16 09:08 - 000101112 _____ () C:\Program Files\Google\Drive File Stream\25.252.289.1553\libegl.dll
2016-10-13 14:17 - 2016-10-13 14:17 - 000033280 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-10-13 14:17 - 2016-10-13 14:17 - 000125440 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-10-13 14:17 - 2016-10-13 14:17 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2016-10-06 13:17 - 2016-10-06 13:17 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 19:47 - 2018-05-31 20:06 - 000002050 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 www.reddit.com
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "StartCN"
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-743433023-1376000779-2915324046-1001\...\StartupApproved\Run: => "utweb"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{33F0FBEE-1779-4EE4-9B7A-18E250C52FC9}] => (Block) C:\users\elloisemanuel\appdata\roaming\spotify\spotify.exe
FirewallRules: [{922B3D05-4BC2-4A43-A721-9F5452B4CB37}] => (Block) C:\users\elloisemanuel\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{503C534B-8EF4-4616-96F9-F5B3873D2AE9}C:\users\elloisemanuel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\elloisemanuel\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0AC3AF3D-27C7-44CA-BDBD-CBD6F73D6627}C:\users\elloisemanuel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\elloisemanuel\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B4B5CD31-68A4-429C-8CA7-A77FD50C995F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7960B6F5-01D7-4528-B637-439282547D35}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-05-2018 11:43:31 Scheduled Checkpoint
31-05-2018 19:57:04 December 19, 2016
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/01/2018 12:12:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program cbSetup.exe version 11.2.0.149 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1c4c
 
Start Time: 01d3f8fa02c388b7
 
Termination Time: 15
 
Application Path: C:\Users\elloisemanuel\Downloads\cbSetup.exe
 
Report Id: d8537fc3-f3b2-4db4-87ed-0b92da5d16d0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/01/2018 12:11:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskmgr.exe, version: 10.0.16299.248, time stamp: 0xc182202c
Faulting module name: taskmgr.exe, version: 10.0.16299.248, time stamp: 0xc182202c
Exception code: 0xc0000409
Fault offset: 0x00000000000147d9
Faulting process id: 0x23d4
Faulting application start time: 0x01d3f8ef034ae55a
Faulting application path: C:\WINDOWS\system32\taskmgr.exe
Faulting module path: C:\WINDOWS\system32\taskmgr.exe
Report Id: e344e31c-8274-4a60-bc49-e59760a097e2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/31/2018 10:20:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.402, time stamp: 0x67b5448f
Faulting module name: ContextualComm.dll, version: 1.0.12.10, time stamp: 0x5ae075cd
Exception code: 0xc0000005
Fault offset: 0x0000000000004960
Faulting process id: 0x1aa8
Faulting application start time: 0x01d3f8e9d52e4c86
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Program Files\Bitdefender Antivirus Free\ContextualComm.dll
Report Id: 747e56a4-f5da-42c6-b766-002832e2785d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/31/2018 08:05:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Facebook.exe, version: 1.4.16.0, time stamp: 0x58e52523
Faulting module name: Facebook.exe, version: 1.4.16.0, time stamp: 0x58e52523
Exception code: 0x80000003
Fault offset: 0x00266509
Faulting process id: 0x244c
Faulting application start time: 0x01d3f8d7a08a1c0c
Faulting application path: C:\Program Files (x86)\Facebook\Facebook.exe
Faulting module path: C:\Program Files (x86)\Facebook\Facebook.exe
Report Id: 8acfda7a-08e4-4c26-ac30-3a000693566d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/31/2018 04:42:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.402 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1388
 
Start Time: 01d3f878052f1114
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 5db43616-1d7d-4206-98c9-be3d6e7a9c9d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/31/2018 04:33:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ASUS-X540U)
Description: Package Microsoft.MicrosoftEdge_41.16299.402.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.
 
Error: (05/31/2018 04:22:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TFC.exe version 1.0.4.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3a58
 
Start Time: 01d3f8ac51c3d33e
 
Termination Time: 0
 
Application Path: C:\Users\elloisemanuel\Downloads\TFC.exe
 
Report Id: 2c455ba5-4e7f-4fa9-942c-77c7c1af41a1
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/31/2018 02:56:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ByteFence.exe version 5.3.0.24 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3b14
 
Start Time: 01d3f8784ccc8cf6
 
Termination Time: 281
 
Application Path: C:\Program Files\ByteFence\ByteFence.exe
 
Report Id: 7feffe5a-7ff6-43f6-8e44-d57b60261c84
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (05/31/2018 11:27:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/31/2018 11:27:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ELLOIS~1\AppData\Local\Temp\ehdrv.sys
 
Error: (05/31/2018 11:27:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/31/2018 11:27:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ELLOIS~1\AppData\Local\Temp\ehdrv.sys
 
Error: (05/31/2018 11:27:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ELLOIS~1\AppData\Local\Temp\ehdrv.sys
 
Error: (05/31/2018 11:27:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/31/2018 11:27:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ELLOIS~1\AppData\Local\Temp\ehdrv.sys
 
Error: (05/31/2018 11:27:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
 
CodeIntegrity:
===================================
 
Date: 2018-05-31 22:15:43.016
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-31 20:48:22.033
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-31 20:23:45.535
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-31 17:59:15.154
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-31 17:15:50.692
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-31 17:09:48.589
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-31 16:59:50.683
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-05-22 12:21:05.242
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 77%
Total physical RAM: 3979.11 MB
Available physical RAM: 882.23 MB
Total Virtual: 7051.11 MB
Available Virtual: 3135.62 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:930.75 GB) (Free:877.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Google Drive File Stream) (Fixed) (Total:1073741824 GB) (Free:833.23 GB) FAT32
 
\\?\Volume{5ce7a994-be8b-4d97-8fdc-d52baa76c658}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{d6576150-d526-4279-a604-04f5252245fb}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{b1983812-406c-11e8-9712-704d7b9a67fb}\ () () (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2604B7DD)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:38 PM

Posted 31 May 2018 - 08:18 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)
 

  • Highlight the entire content of the quote box below.

Start::  
CHR Extension: (Sci-Hub) - C:\Users\elloisemanuel\Downloads\Sci-Hub [2018-02-23] [UpdateUrl: hxxps://sci-hub.tv/update] <==== ATTENTION
Task: {A5EC497B-47E1-401B-B9CE-EB2E4A25E578} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll => No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL => No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {A5EC497B-47E1-401B-B9CE-EB2E4A25E578} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
CMD: fltmc instances
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    5ace519a6ff4a_Dashboard-firstrun.png.567
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 marborj

marborj
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 AM

Posted 31 May 2018 - 10:03 PM

Hi.  Thank you for volunteering :)

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by elloisemanuel (01-06-2018 10:34:53) Run:1
Running from C:\Users\elloisemanuel\Downloads
Loaded Profiles: elloisemanuel (Available Profiles: defaultuser0 & elloisemanuel & EeMnl)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
CHR Extension: (Sci-Hub) - C:\Users\elloisemanuel\Downloads\Sci-Hub [2018-02-23] [UpdateUrl: hxxps://sci-hub.tv/update] <==== ATTENTION
Task: {A5EC497B-47E1-401B-B9CE-EB2E4A25E578} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll => No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL => No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {A5EC497B-47E1-401B-B9CE-EB2E4A25E578} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
CMD: fltmc instances
EMPTYTEMP:
Reboot:
 
*****************
 
CHR Extension: (Sci-Hub) - C:\Users\elloisemanuel\Downloads\Sci-Hub [2018-02-23] [UpdateUrl: hxxps://sci-hub.tv/update] <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5EC497B-47E1-401B-B9CE-EB2E4A25E578}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5EC497B-47E1-401B-B9CE-EB2E4A25E578}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
ShellIconOverlayIdentifiers-x32-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL -> No File => Error: No automatic fix found for this entry.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5EC497B-47E1-401B-B9CE-EB2E4A25E578} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
 
========= fltmc instances =========
 
Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo              C:                                         40500     FileInfo                  0     00000007  
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo              \Device\HarddiskVolumeShadowCopy4          40500     FileInfo                  0     00000007  
FileInfo              \Device\Mup                                40500     FileInfo                  0     00000007  
FileInfo              G:                                         40500     FileInfo                  0     00000007  
PROCMON24             \Device\HarddiskVolumeShadowCopy4         385200     Process Monitor 24 Instance    0     00000007  
PROCMON24             G:                                        385200     Process Monitor 24 Instance    0     00000007  
Wof                   C:                                         40700     Wof Instance              0     00000007  
Wof                                                              40700     Wof Instance              0     00000007  
Wof                   \Device\HarddiskVolumeShadowCopy4          40700     Wof Instance              0     00000007  
atc                                                             320781     Atc Instance              0     00000007  
atc                   C:                                        320781     Atc Instance              0     00000007  
atc                                                             320781     Atc Instance              0     00000007  
atc                   \Device\Mup                               320781     Atc Instance              0     00000007  
atc                   G:                                        320781     Atc Instance              0     00000007  
avc3                                                            320780     avc3 Instance             0     00000004  
avc3                  C:                                        320780     avc3 Instance             0     00000004  
avc3                                                            320780     avc3 Instance             0     00000004  
avc3                  \Device\HarddiskVolumeShadowCopy4         320780     avc3 Instance             0     00000004  
avc3                  \Device\Mup                               320780     avc3 Instance             0     00000004  
avc3                  G:                                        320780     avc3 Instance             0     00000004  
edrsensor                                                       389025     EdrSensor Instance        0     00000007  
edrsensor             C:                                        389025     EdrSensor Instance        0     00000007  
edrsensor                                                       389025     EdrSensor Instance        0     00000007  
edrsensor             \Device\HarddiskVolumeShadowCopy4         389025     EdrSensor Instance        0     00000007  
edrsensor             \Device\Mailslot                          389025     EdrSensor Instance        0     00000007  
edrsensor             \Device\Mup                               389025     EdrSensor Instance        0     00000007  
edrsensor             \Device\NamedPipe                         389025     EdrSensor Instance        0     00000007  
edrsensor             G:                                        389025     EdrSensor Instance        0     00000007  
gzflt                                                           320820     gzflt Instance            0     00000004  
gzflt                 C:                                        320820     gzflt Instance            0     00000004  
gzflt                                                           320820     gzflt Instance            0     00000004  
gzflt                 \Device\HarddiskVolumeShadowCopy4         320820     gzflt Instance            0     00000004  
gzflt                 \Device\Mup                               320820     gzflt Instance            0     00000004  
gzflt                 G:                                        320820     gzflt Instance            0     00000004  
luafv                 C:                                        135000     luafv                     0     00000007  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
trufos                                                          320770     Trufos Instance           0     00000004  
trufos                C:                                        320770     Trufos Instance           0     00000004  
trufos                                                          320770     Trufos Instance           0     00000004  
trufos                G:                                        320770     Trufos Instance           0     00000004  
wcifs                 C:                                        189900     wcifs Instance            0     00000007  
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13973673 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2709854890 B
Edge => 8886963 B
Chrome => 2722708 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 61674 B
NetworkService => 2538 B
defaultuser0 => 0 B
elloisemanuel => 62155823 B
EeMnl => 120191 B
 
RecycleBin => 21499 B
EmptyTemp: => 2.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:35:40 ====
 
 
For the AdwCleaner, no log opened after the restart. I checked this folder [C:\AdwCleaner\Logs] and I've pasted below two files because I do not know which of them is the one you need. The first is entitled "AdwCleaner[S04]" and the second is entitled "scanInfo"
 
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-30.1
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-01-2018
# Duration: 00:00:35
# OS:       Windows 10 Home Single Language
# Scanned:  40974
# Detected: 3
 
 
***** [ Services ] *****
 
PUP.Optional.ByteFence          rtop
 
***** [ Folders ] *****
 
PUP.Optional.ByteFence          C:\ProgramData\ByteFence
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.ByteFence          HKCU\Software\ByteFence
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
 
 
{
    "ObjectsScanned": 40974,
    "ScanTime": "00:00:39",
    "ThreatsDetected": 3,
    "ThreatsRemoved": 3
}
 


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:38 PM

Posted 01 June 2018 - 08:08 AM

  • Highlight the entire content of the quote box below.

Start::
Folder: C:\Windows\temp
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X]
2018-05-31 20:06 - 2018-05-31 20:06 - 000000000 ____D C:\ProgramData\ByteFence
C:\Program Files\ByteFence
Reg: Reg delete HKCU\Software\ByteFence /f
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.

RQKuhw1.pngRogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted Fixlog.txt log

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 marborj

marborj
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 AM

Posted 01 June 2018 - 10:24 AM

RogueKiller log
 
RogueKiller V12.12.19.0 (x64) [May 28 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : elloisemanuel [Administrator]
Started from : C:\Users\elloisemanuel\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 06/01/2018 22:19:47 (Duration : 00:56:10)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-743433023-1376000779-2915324046-1001\Software\Microsoft\Windows\CurrentVersion\Run | utweb : "C:\Users\elloisemanuel\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED [x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-743433023-1376000779-2915324046-1001\Software\Microsoft\Windows\CurrentVersion\Run | utweb : "C:\Users\elloisemanuel\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED [x] -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-743433023-1376000779-2915324046-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL :
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-743433023-1376000779-2915324046-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL :
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-743433023-1376000779-2915324046-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-743433023-1376000779-2915324046-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-743433023-1376000779-2915324046-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-743433023-1376000779-2915324046-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55cbc0af-ab80-4c39-888e-efcaa98ae31a} | DhcpNameServer : 40.51.1.14 ([United States])  -> Replaced ()
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[PUP.uTorrentAds][File] C:\Users\elloisemanuel\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM035-1RK172 +++++
--- User ---
[MBR] e6e0cce7a8507f17c2f9d87925e7c9af
[BSP] 8adfd6cf2d4100f53059b016b581589d : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 953093 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1952501760 | Size: 499 MB
User = LL1 ... OK
User = LL2 ... OK
 


#7 marborj

marborj
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 AM

Posted 01 June 2018 - 10:32 AM

I can't post the Fixlog.txt because it's too long :( 

 

But here's a link of the file: https://ufile.io/npqx5

I hope you can open it. Sorry for any inconvenience.



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:38 PM

Posted 01 June 2018 - 03:12 PM

  • Highlight the entire content of the quote box below.

Start::
C:\Windows\temp\tmp000004e8
C:\Windows\temp\tmp0000045f
C:\Windows\temp\tmp00000452
C:\Windows\temp\{3B87F533-9C5D-4076-8868-00D338D77AA8}
C:\Windows\temp\{69B22A0B-CF8D-4535-BE2F-7F9373508662}
C:\Windows\temp\{DC9F02D0-0CCB-405A-AAC0-354BCE2A9D75}
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

 

How is the computer doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 marborj

marborj
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 AM

Posted 01 June 2018 - 08:00 PM

It's running normally. I think the speed of the computer is not that affected.
But looking at the temporary files, DPTF and tmp0000041e are still there.
 
Fixlog.txt log
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by elloisemanuel (02-06-2018 08:55:32) Run:3
Running from C:\Users\elloisemanuel\Downloads
Loaded Profiles: elloisemanuel (Available Profiles: defaultuser0 & elloisemanuel & EeMnl)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Windows\temp\tmp000004e8
C:\Windows\temp\tmp0000045f
C:\Windows\temp\tmp00000452
C:\Windows\temp\{3B87F533-9C5D-4076-8868-00D338D77AA8}
C:\Windows\temp\{69B22A0B-CF8D-4535-BE2F-7F9373508662}
C:\Windows\temp\{DC9F02D0-0CCB-405A-AAC0-354BCE2A9D75}
 
*****************
 
"C:\Windows\temp\tmp000004e8" => not found
C:\Windows\temp\tmp0000045f => moved successfully
C:\Windows\temp\tmp00000452 => moved successfully
C:\Windows\temp\{3B87F533-9C5D-4076-8868-00D338D77AA8} => moved successfully
C:\Windows\temp\{69B22A0B-CF8D-4535-BE2F-7F9373508662} => moved successfully
C:\Windows\temp\{DC9F02D0-0CCB-405A-AAC0-354BCE2A9D75} => moved successfully
 
==== End of Fixlog 08:55:33 ====


#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:38 PM

Posted 01 June 2018 - 08:57 PM

Many temp folders are being created and will fill the drive if it continuous. Lets try to identify the file that produces these temp folders and files.

While they are PROBABLY harmless, if you want to know what is generating them, you can start by downloading and running Process Monitor which should track disk writes by process. Then you can filter and trace what process is creating these files. Please let me know your findings.

  • Highlight the entire content of the quote box below.

Start::
CMD: Type C:\Windows\temp\tmp000000e0\tmp00001553
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.


Edited by JSntgRvr, 01 June 2018 - 11:51 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 marborj

marborj
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 AM

Posted 01 June 2018 - 10:49 PM

Thank you for explaining the purpose of DPTF. No, I don't want to remove it anymore :) 
 
The Fixlog.txt is again, too long. Here's the link of the file: https://ufile.io/fr18x


#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:38 PM

Posted 02 June 2018 - 12:05 AM

There are to many temp files and folders being created in the C:\Windows\temp folder. While they are PROBABLY harmless, if you want to know what is generating them, you can start by downloading and running Process Monitor which should track disk writes by process. Then you can filter and trace what process is creating these files. Let me know your findings

  • Highlight the entire content of the quote box below.

Start::
CMD: Type C:\Windows\temp\tmp000000e0\tmp00001553

CMD: for /f %s in ('dir /b /s C:\Windows\temp\tmp*') do RD /Q /S %s
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 
 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 marborj

marborj
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 AM

Posted 02 June 2018 - 01:08 AM

Are the tmp files dangerous? I'm asking because Bitdefender keeps notifying me whenever I attempt to delete the folder. Before posting my problem here, I tried to remove it through AdwCleaner. Right after the cleaning, the tmp folder is still there but the size of the folder read 0 bytes. But then after a while, the size of the tmp folder increases, it's as if it's regenerating. Sometimes it reaches 2 GB or more.

 

I do want to know what is generating these temp files. I've downloaded Process Monitor but I'm not really sure how to run it. Can you guide me?

 

Here's the link of the Fixlog.txt log: https://ufile.io/2otmi



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:38 PM

Posted 02 June 2018 - 10:08 AM

We wont be able to know, unless we identify the process responsible for creating these files and folders.

  • Highlight the entire content of the quote box below.

Start::
CMD: for /f %s in ('dir /a:d /b /s C:\Windows\temp\tmp*') do RD /Q /S %~dpns
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

Please upload one of those files here for review.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 marborj

marborj
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 AM

Posted 02 June 2018 - 10:23 AM

Okay, I understand. So, if I run Process Monitor, I'll be able to identify those processes?

 

I submitted the Fixlog.txt log below in the link you sent :) 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by elloisemanuel (02-06-2018 23:16:47) Run:6
Running from C:\Users\elloisemanuel\Downloads
Loaded Profiles: elloisemanuel (Available Profiles: defaultuser0 & elloisemanuel & EeMnl)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: for /f %s in ('dir /a:d /b /s C:\Windows\temp\tmp*') do RD /Q /S %~dpns
 
*****************
 
 
========= for /f %s in ('dir /a:d /b /s C:\Windows\temp\tmp*') do RD /Q /S %~dpns =========
 
The directory is not empty.
 
========= End of CMD: =========
 
 
==== End of Fixlog 23:16:51 ====





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users