A log for inspection [Archive] - Safer-Networking Forums

View Full Version : A log for inspection

FraserR

2016-11-10, 13:23

This follows my previous thread: https://forums.spybot.info/showthread.php?73964-No-antivirus-updates

FraserR

2016-11-10, 13:32

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Fraser Ross (administrator) on FROSSDESKTOP (10-11-2016 11:49:54)
Running from M:\Software\Farbar recovery scan tool
Loaded Profiles: Fraser Ross (Available Profiles: Fraser Ross)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(SODATSW spol. s .r.o.) C:\Program Files (x86)\StartW8\bin\StartW8Service.exe
(Check Point Software Technologies Ltd.) I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\B-Link\Common\RaRegistry64.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\B-Link\Common\RaRegistry.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\VIA\RAID\vialogsv.exe
(Check Point Software Technologies, Ltd.) I:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Piriform Ltd) I:\Program Files\CCleaner\CCleaner64.exe
(Acronis) I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Program Files (x86)\VIA\RAID\raid_tool.exe
(Check Point Software Technologies Ltd.) I:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(SODATSW spol. s r.o.) C:\Program Files (x86)\StartW8\bin\StartW8Button.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(SODATSW spol. s r. o.) C:\Program Files (x86)\StartW8\bin\StartW8Menu.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518464 2013-07-18] (Acronis)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [990464 2016-11-06] (Webroot)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7806256 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102208 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [VIARaidUtl] => C:\Program Files (x86)\VIA\RAID\raid_tool.exe [2378352 2011-03-15] ()
HKLM-x32\...\Run: [ZoneAlarm] => I:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [StartW8Button] => C:\Program Files (x86)\StartW8\bin\StartW8Button.exe [59752 2014-12-15] (SODATSW spol. s r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Run: [CCleaner Monitoring] => I:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Run: [EPSON Stylus D92 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIBZE.EXE [213504 2007-10-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\RunOnce: [Uninstall C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\RunOnce: [Uninstall C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1"
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => I:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => I:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => I:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-11-06] ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3240783315-1213011343-4006949943-1000] => localhost:21320
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0c04b21a-1379-44c0-a844-be52cec79f7e}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{23b36322-0062-43c5-8a28-e4bfaef231ad}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3e9baf75-b5ed-4662-ae47-553353b64038}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000 -> DefaultScope {F2872BFE-A208-4FD9-B4AC-B57C0068ABC9} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=13794224973f475f8661ba115960bb71&tu=10GXz00Dz2D13P0&sku=&tstsId=&ver=&&r=265
SearchScopes: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000 -> {F2872BFE-A208-4FD9-B4AC-B57C0068ABC9} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=13794224973f475f8661ba115960bb71&tu=10GXz00Dz2D13P0&sku=&tstsId=&ver=&&r=265
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> I:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-11-06] (Webroot)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-08] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-11-06] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-08] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1408106732135
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Fraser Ross\AppData\Roaming\Mozilla\Firefox\Profiles\k0ntdoc1.default [2016-11-10]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\k0ntdoc1.default -> Search By ZoneAlarm
FF Homepage: Mozilla\Firefox\Profiles\k0ntdoc1.default -> hxxps://en.wikipedia.org/wiki/Main_Page
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> http", "localhost"
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> http_port", 21320
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> no_proxies_on", "192.168.2.1,http://www.amazon.co.uk,https://www.grc.com"
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> ssl", "localhost"
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> ssl_port", 21320
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> type", 0
FF SearchPlugin: C:\Users\Fraser Ross\AppData\Roaming\Mozilla\Firefox\Profiles\k0ntdoc1.default\searchplugins\zonealarm.xml [2014-11-20]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2016-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-11-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-05-01] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-05-18] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> I:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-05-01] ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~3\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~4\MICROS~1\Office14\NPSPWRAP.DLL [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3240783315-1213011343-4006949943-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Fraser Ross\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-17] (Citrix Online)
StartMenuInternet: FIREFOX.EXE - I:\Program Files (x86)\Mozilla Firefox\firefox.exe

FraserR

2016-11-10, 13:35

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [713736 2015-04-23] (Garmin Ltd. or its subsidiaries)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-03-29] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\B-Link\Common\RaRegistry.exe [383280 2013-03-27] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\B-Link\Common\RaRegistry64.exe [452912 2013-02-04] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files (x86)\B-Link\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 StartW8Service; C:\Program Files (x86)\StartW8\bin\StartW8Service.exe [620392 2014-12-15] (SODATSW spol. s .r.o.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2016-03-28] (Microsoft Corporation) [File not signed]
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
R2 VRAID Log Service; C:\Program Files (x86)\VIA\RAID\vialogsv.exe [55920 2011-03-15] ()
R2 vsmon; I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [990464 2016-11-06] (Webroot)
R2 ZAPrivacyService; I:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [19568 2015-11-10] () [File not signed]
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [19568 2015-11-10] () [File not signed]
S3 DIRECTIO; I:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
S3 EfiInvoker; C:\Windows\SysWOW64\Drivers\invoker64.sys [13080 2013-07-02] (Windows (R) Server 2003 DDK provider)
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [413008 2016-08-01] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [65576 2015-06-16] (Safer-Networking Ltd.)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1120032 2013-09-24] (Acronis International GmbH)
S3 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [198432 2013-10-28] (Acronis International GmbH)
S3 USB_Ethernet_Adaptor; C:\WINDOWS\System32\drivers\USB_Ethernet_Adaptor.sys [21504 2013-01-22] (Corechip Semiconductor, Inc. Co Ltd.)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [462296 2016-07-29] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2016-11-09] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [66328 2016-11-06] (Webroot)
U3 aspnet_state; no ImagePath
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-10 11:47 - 2016-11-10 11:49 - 00000000 ___DC C:\FRST
2016-11-09 18:19 - 2016-11-09 18:19 - 05383592 _____ (Gougelet Pierre-e ) C:\Users\Fraser Ross\Downloads\XnView-win.exe
2016-11-09 15:36 - 2016-11-06 10:45 - 00066328 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2016-11-09 15:07 - 2016-11-09 15:07 - 00000000 ____D C:\WINDOWS\Panther
2016-11-08 18:02 - 2015-07-28 17:52 - 00821920 ____C (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-11-08 17:35 - 2016-09-15 17:18 - 06654616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-08 17:34 - 2016-10-15 04:51 - 01051112 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-08 17:34 - 2016-10-15 04:51 - 00894088 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-08 17:34 - 2016-10-15 04:48 - 07817568 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-08 17:34 - 2016-10-15 04:48 - 01354320 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-08 17:34 - 2016-10-15 04:48 - 01173496 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-08 17:34 - 2016-10-15 04:48 - 00773712 ____C (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-08 17:34 - 2016-10-15 04:48 - 00498952 ____C (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-11-08 17:34 - 2016-10-15 04:47 - 01883784 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-08 17:34 - 2016-10-15 04:37 - 00063328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-11-08 17:34 - 2016-10-15 04:33 - 00455040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 22224480 ____C (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 04673304 ____C (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-08 17:34 - 2016-10-15 04:26 - 04129928 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 01990648 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 01472536 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 01274712 ____C (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 01062480 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 00811416 ____C (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 00691080 ____C (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-11-08 17:34 - 2016-10-15 04:22 - 01608896 ____C (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-08 17:34 - 2016-10-15 04:22 - 01461200 ____C (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-11-08 17:34 - 2016-10-15 04:22 - 01418312 ____C (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-08 17:34 - 2016-10-15 04:22 - 00628040 ____C (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-08 17:34 - 2016-10-15 04:18 - 00749920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-11-08 17:34 - 2016-10-15 04:18 - 00576400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-08 17:34 - 2016-10-15 04:18 - 00186424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-08 17:34 - 2016-10-15 04:15 - 20969928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-08 17:34 - 2016-10-15 04:15 - 01557808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-11-08 17:34 - 2016-10-15 04:11 - 01424488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-08 17:34 - 2016-10-15 04:11 - 01263848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-08 17:34 - 2016-10-15 04:01 - 01631232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-11-08 17:34 - 2016-10-15 03:57 - 00186880 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-11-08 17:34 - 2016-10-15 03:56 - 00095232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-11-08 17:34 - 2016-10-15 03:56 - 00081408 ____C (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-11-08 17:34 - 2016-10-15 03:55 - 00236544 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-11-08 17:34 - 2016-10-15 03:55 - 00182784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-08 17:34 - 2016-10-15 03:54 - 00555008 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-08 17:34 - 2016-10-15 03:54 - 00211456 ____C (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-08 17:34 - 2016-10-15 03:54 - 00179712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-08 17:34 - 2016-10-15 03:54 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-11-08 17:34 - 2016-10-15 03:53 - 00744448 ____C (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-08 17:34 - 2016-10-15 03:53 - 00222720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-08 17:34 - 2016-10-15 03:53 - 00198144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-08 17:34 - 2016-10-15 03:53 - 00147456 ____C (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-11-08 17:34 - 2016-10-15 03:52 - 06285312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-11-08 17:34 - 2016-10-15 03:52 - 00274432 ____C (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-08 17:34 - 2016-10-15 03:50 - 17188352 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-11-08 17:34 - 2016-10-15 03:50 - 00509440 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-11-08 17:34 - 2016-10-15 03:49 - 09131008 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-08 17:34 - 2016-10-15 03:49 - 00495104 ____C (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-08 17:34 - 2016-10-15 03:49 - 00187904 ____C (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-11-08 17:34 - 2016-10-15 03:48 - 03778560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-08 17:34 - 2016-10-15 03:48 - 01323008 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-11-08 17:34 - 2016-10-15 03:47 - 01113600 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-11-08 17:34 - 2016-10-15 03:47 - 00558080 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-11-08 17:34 - 2016-10-15 03:46 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-11-08 17:34 - 2016-10-15 03:45 - 00406016 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-11-08 17:34 - 2016-10-15 03:44 - 00747008 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-11-08 17:34 - 2016-10-15 03:44 - 00470016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-11-08 17:34 - 2016-10-15 03:43 - 00574976 ____C (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-11-08 17:34 - 2016-10-15 03:42 - 00539136 ____C (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-11-08 17:34 - 2016-10-15 03:42 - 00459776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-11-08 17:34 - 2016-10-15 03:42 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-08 17:34 - 2016-10-15 03:41 - 12174848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-08 17:34 - 2016-10-15 03:41 - 00496128 ____C (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-08 17:34 - 2016-10-15 03:41 - 00067584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-11-08 17:34 - 2016-10-15 03:40 - 13081600 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-08 17:34 - 2016-10-15 03:39 - 04749312 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-08 17:34 - 2016-10-15 03:39 - 03400192 ____C (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-08 17:34 - 2016-10-15 03:39 - 01228288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-08 17:34 - 2016-10-15 03:39 - 00982528 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-08 17:34 - 2016-10-15 03:38 - 07468032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-08 17:34 - 2016-10-15 03:38 - 01993216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-11-08 17:34 - 2016-10-15 03:38 - 00913920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-11-08 17:34 - 2016-10-15 03:38 - 00828416 ____C (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-08 17:34 - 2016-10-15 03:37 - 08075776 ____C (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-08 17:34 - 2016-10-15 03:37 - 01643008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-11-08 17:34 - 2016-10-15 03:36 - 03617792 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-08 17:34 - 2016-10-15 03:36 - 02290176 ____C (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-11-08 17:34 - 2016-10-15 03:36 - 01880576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-08 17:34 - 2016-10-15 03:35 - 00701952 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-11-08 17:34 - 2016-10-15 03:34 - 00842240 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-08 17:34 - 2016-10-15 03:31 - 00227328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-11-08 17:34 - 2016-10-05 10:33 - 00128864 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-11-08 17:34 - 2016-10-05 10:31 - 02213248 ____C (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-11-08 17:34 - 2016-10-05 10:13 - 01859264 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-11-08 17:34 - 2016-10-05 10:09 - 01071728 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-11-08 17:34 - 2016-10-05 10:09 - 00064352 ____C (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-11-08 17:34 - 2016-10-05 10:03 - 01705976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-11-08 17:34 - 2016-10-05 09:51 - 01430720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-11-08 17:34 - 2016-10-05 09:34 - 00144896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-11-08 17:34 - 2016-10-05 09:32 - 00379904 ____C (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-11-08 17:34 - 2016-10-05 09:25 - 01589248 ____C (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-11-08 17:34 - 2016-10-05 09:23 - 01908224 ____C (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-11-08 17:34 - 2016-10-05 09:23 - 00284672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-11-08 17:34 - 2016-10-05 09:23 - 00125952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-11-08 17:34 - 2016-10-05 09:18 - 01656832 ____C (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-11-08 17:34 - 2016-10-05 09:18 - 00983040 ____C (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-11-08 17:34 - 2016-10-05 09:18 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-11-08 17:34 - 2016-10-05 09:17 - 04136960 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-11-08 17:34 - 2016-10-05 09:16 - 00765440 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-11-08 17:34 - 2016-10-05 09:15 - 00774656 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-11-08 17:34 - 2016-10-05 09:14 - 01456640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-11-08 17:34 - 2016-10-05 09:13 - 01328128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-11-08 17:34 - 2016-10-05 09:13 - 00055808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-11-08 17:34 - 2016-10-05 09:12 - 00998912 ____C (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-11-08 17:34 - 2016-10-05 09:12 - 00924672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-11-08 17:34 - 2016-10-05 09:09 - 00691712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-11-08 17:34 - 2016-10-05 09:05 - 03105792 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-08 17:34 - 2016-10-05 00:01 - 00446124 ____C C:\WINDOWS\system32\ApnDatabase.xml
2016-11-08 17:34 - 2016-09-15 17:29 - 00823136 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2016-11-08 17:34 - 2016-09-15 17:29 - 00704352 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2016-11-08 17:34 - 2016-09-15 17:29 - 00603488 ____C (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-11-08 17:34 - 2016-09-15 17:29 - 00218008 ____C (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-11-08 17:34 - 2016-09-15 17:29 - 00169056 ____C (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2016-11-08 17:34 - 2016-09-15 17:29 - 00127328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys
2016-11-08 17:34 - 2016-09-15 17:29 - 00074080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-11-08 17:34 - 2016-09-15 17:29 - 00023392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-11-08 17:34 - 2016-09-15 17:27 - 00434528 ____C (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-11-08 17:34 - 2016-09-15 17:27 - 00128352 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-11-08 17:34 - 2016-09-15 17:25 - 02681200 ____C C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 17:34 - 2016-09-15 17:25 - 00340320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-08 17:34 - 2016-09-15 17:25 - 00280472 ____C (Microsoft Corporation) C:\WINDOWS\system32\bdeunlock.exe
2016-11-08 17:34 - 2016-09-15 17:25 - 00262960 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-11-08 17:34 - 2016-09-15 17:24 - 00764936 ____C (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-11-08 17:34 - 2016-09-15 17:22 - 05722320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-11-08 17:34 - 2016-09-15 17:22 - 00975744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2016-11-08 17:34 - 2016-09-15 17:22 - 00860512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-11-08 17:34 - 2016-09-15 17:21 - 01000288 ____C (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-11-08 17:34 - 2016-09-15 17:16 - 07219672 ____C (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-11-08 17:34 - 2016-09-15 17:16 - 01292640 ____C (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-11-08 17:34 - 2016-09-15 17:15 - 00223584 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-11-08 17:34 - 2016-09-15 17:14 - 01415752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-08 17:34 - 2016-09-15 17:14 - 00435040 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-11-08 17:34 - 2016-09-15 17:11 - 01300600 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-11-08 17:34 - 2016-09-15 17:11 - 00862064 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-11-08 17:34 - 2016-09-15 17:11 - 00725664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2016-11-08 17:34 - 2016-09-15 17:07 - 01572768 ____C (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-08 17:34 - 2016-09-15 17:07 - 00128864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-11-08 17:34 - 2016-09-15 16:58 - 00248832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2016-11-08 17:34 - 2016-09-15 16:57 - 00374784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2016-11-08 17:34 - 2016-09-15 16:57 - 00237056 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2016-11-08 17:34 - 2016-09-15 16:57 - 00231936 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-08 17:34 - 2016-09-15 16:56 - 00298496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-11-08 17:34 - 2016-09-15 16:56 - 00262656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-11-08 17:34 - 2016-09-15 16:56 - 00257536 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DataExchange.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00455168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00332288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00325120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00213504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00152064 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00114176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-11-08 17:34 - 2016-09-15 16:54 - 00747520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2016-11-08 17:34 - 2016-09-15 16:54 - 00498688 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2016-11-08 17:34 - 2016-09-15 16:54 - 00431104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2016-11-08 17:34 - 2016-09-15 16:53 - 00340480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-11-08 17:34 - 2016-09-15 16:52 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-11-08 17:34 - 2016-09-15 16:51 - 00288256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2016-11-08 17:34 - 2016-09-15 16:49 - 00901120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-11-08 17:34 - 2016-09-15 16:49 - 00653312 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-11-08 17:34 - 2016-09-15 16:47 - 00366080 ____C (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-11-08 17:34 - 2016-09-15 16:43 - 03520512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2016-11-08 17:34 - 2016-09-15 16:42 - 00719872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
2016-11-08 17:34 - 2016-09-15 16:42 - 00545792 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-11-08 17:34 - 2016-09-15 16:42 - 00049664 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll
2016-11-08 17:34 - 2016-09-15 16:41 - 00051200 ____C (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2016-11-08 17:34 - 2016-09-15 16:40 - 02026496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-11-08 17:34 - 2016-09-15 16:40 - 00395264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-11-08 17:34 - 2016-09-15 16:40 - 00140800 ____C (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2016-11-08 17:34 - 2016-09-15 16:40 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-11-08 17:34 - 2016-09-15 16:39 - 02740224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-11-08 17:34 - 2016-09-15 16:39 - 00827904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-11-08 17:34 - 2016-09-15 16:39 - 00408576 ____C (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-11-08 17:34 - 2016-09-15 16:39 - 00368640 ____C (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2016-11-08 17:34 - 2016-09-15 16:39 - 00295936 ____C (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00691200 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00671232 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkCollectionAgent.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00654336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00427008 ____C (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00349696 ____C (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00343552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00171520 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2016-11-08 17:34 - 2016-09-15 16:37 - 01507840 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2016-11-08 17:34 - 2016-09-15 16:37 - 00680448 ____C (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2016-11-08 17:34 - 2016-09-15 16:37 - 00296448 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlancfg.dll
2016-11-08 17:34 - 2016-09-15 16:37 - 00171520 ____C (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2016-11-08 17:34 - 2016-09-15 16:36 - 00719360 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-11-08 17:34 - 2016-09-15 16:36 - 00686592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2016-11-08 17:34 - 2016-09-15 16:36 - 00640000 ____C (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-11-08 17:34 - 2016-09-15 16:36 - 00456192 ____C (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-11-08 17:34 - 2016-09-15 16:36 - 00448512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2016-11-08 17:34 - 2016-09-15 16:36 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-11-08 17:34 - 2016-09-15 16:36 - 00324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-08 17:34 - 2016-09-15 16:36 - 00324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-11-08 17:34 - 2016-09-15 16:35 - 00496128 ____C (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2016-11-08 17:34 - 2016-09-15 16:35 - 00337408 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2016-11-08 17:34 - 2016-09-15 16:35 - 00305152 ____C (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2016-11-08 17:34 - 2016-09-15 16:34 - 00642048 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-11-08 17:34 - 2016-09-15 16:34 - 00441856 ____C (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-11-08 17:34 - 2016-09-15 16:33 - 01004032 ____C (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-11-08 17:34 - 2016-09-15 16:33 - 00963584 ____C (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-11-08 17:34 - 2016-09-15 16:32 - 01037312 ____C (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2016-11-08 17:34 - 2016-09-15 16:31 - 00090624 ____C (Microsoft Corporation) C:\WINDOWS\system32\pwrshplugin.dll
2016-11-08 17:34 - 2016-09-15 16:30 - 01639424 ____C (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-11-08 17:34 - 2016-09-15 16:30 - 01403392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-11-08 17:34 - 2016-09-15 16:29 - 00156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2016-11-08 17:34 - 2016-09-15 16:27 - 01078784 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-11-08 17:34 - 2016-09-15 16:27 - 00796672 ____C (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-11-08 17:34 - 2016-09-15 16:27 - 00627200 ____C (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2016-11-08 17:34 - 2016-09-15 16:26 - 00279552 ____C (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-11-08 17:34 - 2016-09-15 16:25 - 01217024 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-11-08 17:34 - 2016-09-15 16:25 - 00411648 ____C (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-11-08 17:34 - 2016-09-15 16:24 - 04596224 ____C (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2016-11-08 17:34 - 2016-09-15 16:23 - 01361408 ____C (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-11-08 17:34 - 2016-09-15 16:23 - 01040896 ____C (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2016-11-08 17:34 - 2016-09-15 16:23 - 00650752 ____C (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-11-08 17:34 - 2016-09-15 16:23 - 00611328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-11-08 17:34 - 2016-09-15 16:23 - 00347648 ____C (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-11-08 17:34 - 2016-09-15 16:22 - 00770560 ____C (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-08 17:34 - 2016-09-15 16:20 - 02095616 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-11-08 17:34 - 2016-09-15 16:19 - 01424896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2016-11-08 17:34 - 2016-09-15 16:18 - 01369088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2016-11-08 17:34 - 2016-09-10 13:21 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-11-08 17:34 - 2016-09-07 05:48 - 02256224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-08 17:34 - 2016-09-07 05:48 - 00379744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-11-08 17:34 - 2016-09-07 05:44 - 02049480 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-11-08 17:34 - 2016-09-07 05:33 - 00450392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-11-08 17:34 - 2016-09-07 05:29 - 00595488 ____C (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-11-08 17:34 - 2016-09-07 05:29 - 00523712 ____C (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2016-11-08 17:34 - 2016-09-07 05:27 - 01362504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2016-11-08 17:34 - 2016-09-07 05:13 - 00640976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-11-08 17:34 - 2016-09-07 05:12 - 00321792 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-11-08 17:34 - 2016-09-07 04:58 - 00208896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2016-11-08 17:34 - 2016-09-07 04:56 - 00223744 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-11-08 17:34 - 2016-09-07 04:55 - 00781824 ____C (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-11-08 17:34 - 2016-09-07 04:54 - 00678912 ____C (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-11-08 17:34 - 2016-09-07 04:54 - 00468992 ____C (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-11-08 17:34 - 2016-09-07 04:54 - 00461312 ____C (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-11-08 17:34 - 2016-09-07 04:54 - 00285184 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-08 17:34 - 2016-09-07 04:53 - 00253952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-08 17:34 - 2016-09-07 04:50 - 01755136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-11-08 17:34 - 2016-09-07 04:50 - 00866816 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-08 17:34 - 2016-09-07 04:46 - 00846336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2016-11-08 17:34 - 2016-09-07 04:46 - 00755200 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-11-08 17:34 - 2016-09-07 04:41 - 01891328 ____C (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-11-08 17:34 - 2016-09-07 04:40 - 01312768 ____C (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2016-11-08 17:34 - 2016-09-07 04:38 - 01555456 ____C (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-11-08 17:34 - 2016-09-07 04:37 - 02370048 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-11-08 17:34 - 2016-09-07 04:37 - 00540160 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-11-08 17:34 - 2016-09-07 04:35 - 03299328 ____C (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-08 17:34 - 2016-09-07 04:33 - 00058368 ____C (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-11-08 17:34 - 2016-09-07 04:31 - 01293312 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-11-08 17:34 - 2016-08-27 05:12 - 00244816 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-11-08 17:34 - 2016-08-20 06:06 - 00108384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-11-08 17:34 - 2016-08-20 05:20 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-11-08 17:34 - 2016-08-20 05:17 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-11-08 17:34 - 2016-08-20 05:11 - 00410624 ____C (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-11-08 17:34 - 2016-08-20 05:08 - 00204288 ____C (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-11-08 17:34 - 2016-08-20 05:06 - 00389632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-11-08 17:34 - 2016-08-06 04:13 - 01847048 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-11-08 17:34 - 2016-08-06 04:13 - 01453992 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-11-08 17:34 - 2016-08-06 04:13 - 00044472 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-11-08 17:34 - 2016-08-06 04:08 - 00313560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-11-08 17:34 - 2016-08-06 03:48 - 00015360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-11-08 17:34 - 2016-08-06 03:47 - 00034304 ____C (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-11-08 17:34 - 2016-08-06 03:45 - 00066560 ____C (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-11-08 17:34 - 2016-08-06 03:45 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-11-08 17:34 - 2016-08-06 03:45 - 00029696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-11-08 17:34 - 2016-08-06 03:45 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-11-08 17:34 - 2016-08-06 03:44 - 00061440 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-11-08 17:34 - 2016-08-06 03:43 - 00280064 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-11-08 17:34 - 2016-08-06 03:41 - 00243712 ____C (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-11-08 17:34 - 2016-08-06 03:41 - 00231424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-11-08 17:34 - 2016-08-06 03:40 - 00259584 ____C (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-08 17:34 - 2016-08-06 03:40 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-11-08 17:34 - 2016-08-06 03:39 - 00181760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-11-08 17:34 - 2016-08-06 03:37 - 00253952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-11-08 17:34 - 2016-08-06 03:35 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-11-08 17:34 - 2016-08-02 08:44 - 00114192 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-11-08 17:34 - 2016-08-02 08:20 - 00210944 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-08 17:34 - 2016-08-02 08:14 - 00289792 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-11-08 17:33 - 2016-10-15 05:11 - 00484584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 02186896 ____C (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 01637728 ____C (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 01235296 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00595296 ____C (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00584032 ____C (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00322912 ____C (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00232800 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00137568 ____C (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00078688 ____C (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-11-08 17:33 - 2016-10-15 04:43 - 01356352 ____C (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-11-08 17:33 - 2016-10-15 04:41 - 05622088 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-11-08 17:33 - 2016-10-15 04:38 - 00500064 ____C (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-11-08 17:33 - 2016-10-15 04:34 - 01969912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-11-08 17:33 - 2016-10-15 04:32 - 01570680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-08 17:33 - 2016-10-15 04:31 - 02827864 ____C (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-11-08 17:33 - 2016-10-15 04:30 - 00682816 ____C (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-08 17:33 - 2016-10-15 04:30 - 00509280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-11-08 17:33 - 2016-10-15 04:30 - 00341936 ____C (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-11-08 17:33 - 2016-10-15 04:30 - 00238056 ____C (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-08 17:33 - 2016-10-15 04:29 - 02913104 ____C (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-11-08 17:33 - 2016-10-15 04:29 - 00908640 ____C (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-11-08 17:33 - 2016-10-15 04:29 - 00079200 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-11-08 17:33 - 2016-10-15 04:26 - 01600632 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-11-08 17:33 - 2016-10-15 04:21 - 00292872 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-11-08 17:33 - 2016-10-15 04:14 - 04311736 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-08 17:33 - 2016-10-15 04:10 - 00254656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-11-08 17:33 - 2016-10-15 04:06 - 05685760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-11-08 17:33 - 2016-10-15 04:05 - 07216640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-11-08 17:33 - 2016-10-15 04:00 - 01631232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-11-08 17:33 - 2016-10-15 04:00 - 00048640 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-11-08 17:33 - 2016-10-15 04:00 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-11-08 17:33 - 2016-10-15 03:59 - 00272384 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-11-08 17:33 - 2016-10-15 03:59 - 00187904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-11-08 17:33 - 2016-10-15 03:59 - 00130560 ____C (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-11-08 17:33 - 2016-10-15 03:58 - 00258560 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-11-08 17:33 - 2016-10-15 03:58 - 00032768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-08 17:33 - 2016-10-15 03:57 - 00217600 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-11-08 17:33 - 2016-10-15 03:57 - 00175104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-11-08 17:33 - 2016-10-15 03:56 - 00339968 ____C (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-11-08 17:33 - 2016-10-15 03:56 - 00306688 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-11-08 17:33 - 2016-10-15 03:56 - 00065024 ____C (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-11-08 17:33 - 2016-10-15 03:55 - 00567296 ____C (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-08 17:33 - 2016-10-15 03:55 - 00126464 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-11-08 17:33 - 2016-10-15 03:54 - 00717312 ____C (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-11-08 17:33 - 2016-10-15 03:54 - 00217088 ____C (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-11-08 17:33 - 2016-10-15 03:54 - 00102912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-11-08 17:33 - 2016-10-15 03:53 - 00549376 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-08 17:33 - 2016-10-15 03:53 - 00240640 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-08 17:33 - 2016-10-15 03:52 - 00432128 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-08 17:33 - 2016-10-15 03:52 - 00163328 ____C (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-11-08 17:33 - 2016-10-15 03:52 - 00115200 ____C (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-08 17:33 - 2016-10-15 03:51 - 13868544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-11-08 17:33 - 2016-10-15 03:50 - 02716672 ____C (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-11-08 17:33 - 2016-10-15 03:50 - 00090112 ____C (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-11-08 17:33 - 2016-10-15 03:50 - 00074752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-11-08 17:33 - 2016-10-15 03:49 - 01913344 ____C (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-11-08 17:33 - 2016-10-15 03:49 - 00838144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-11-08 17:33 - 2016-10-15 03:49 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-11-08 17:33 - 2016-10-15 03:48 - 01554944 ____C (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-11-08 17:33 - 2016-10-15 03:48 - 01054208 ____C (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-11-08 17:33 - 2016-10-15 03:47 - 07792640 ____C (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-11-08 17:33 - 2016-10-15 03:47 - 07626752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-08 17:33 - 2016-10-15 03:46 - 03287552 ____C (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-11-08 17:33 - 2016-10-15 03:46 - 00336896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-08 17:33 - 2016-10-15 03:44 - 00465920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-08 17:33 - 2016-10-15 03:44 - 00090112 ____C (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-11-08 17:33 - 2016-10-15 03:43 - 02748928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-11-08 17:33 - 2016-10-15 03:43 - 00078336 ____C (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-11-08 17:33 - 2016-10-15 03:42 - 12349440 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-08 17:33 - 2016-10-15 03:42 - 06108672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-11-08 17:33 - 2016-10-15 03:42 - 00130560 ____C (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-08 17:33 - 2016-10-15 03:42 - 00090624 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-08 17:33 - 2016-10-15 03:41 - 07654912 ____C (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-11-08 17:33 - 2016-10-15 03:41 - 05376000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-11-08 17:33 - 2016-10-15 03:41 - 00940032 ____C (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-08 17:33 - 2016-10-15 03:41 - 00655872 ____C (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-08 17:33 - 2016-10-15 03:40 - 00779776 ____C (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-11-08 17:33 - 2016-10-15 03:39 - 00869888 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-11-08 17:33 - 2016-10-15 03:39 - 00357376 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-11-08 17:33 - 2016-10-15 03:39 - 00109568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-08 17:33 - 2016-10-15 03:39 - 00079360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-08 17:33 - 2016-10-15 03:38 - 13441024 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-08 17:33 - 2016-10-15 03:38 - 00675840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-11-08 17:33 - 2016-10-15 03:37 - 04708864 ____C (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-08 17:33 - 2016-10-15 03:37 - 02611200 ____C (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-08 17:33 - 2016-10-15 03:37 - 02256896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-08 17:33 - 2016-10-15 03:37 - 01980416 ____C (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-11-08 17:33 - 2016-10-15 03:37 - 00715264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-11-08 17:33 - 2016-10-15 03:37 - 00093184 ____C (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-11-08 17:33 - 2016-10-15 03:36 - 02512384 ____C (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-08 17:33 - 2016-10-15 03:36 - 00881664 ____C (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-08 17:33 - 2016-10-15 03:36 - 00792064 ____C (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-11-08 17:33 - 2016-10-15 03:36 - 00629248 ____C (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-08 17:33 - 2016-10-15 03:36 - 00542208 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-11-08 17:33 - 2016-10-15 03:36 - 00347136 ____C (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-11-08 17:33 - 2016-10-15 03:36 - 00338944 ____C (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-11-08 17:33 - 2016-10-15 03:36 - 00081408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 03054080 ____C (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 02999808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-08 17:33 - 2016-10-15 03:35 - 02708992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 02315264 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 00772608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 00760832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 00483328 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 00391168 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 00389632 ____C (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-08 17:33 - 2016-10-15 03:34 - 02688512 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-08 17:33 - 2016-10-15 03:34 - 01726976 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-08 17:33 - 2016-10-05 10:17 - 01322848 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-11-08 17:33 - 2016-10-05 10:12 - 02446696 ____C (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-11-08 17:33 - 2016-10-05 09:38 - 00237568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-11-08 17:33 - 2016-10-05 09:36 - 00073216 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-11-08 17:33 - 2016-10-05 09:35 - 00352768 ____C (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-11-08 17:33 - 2016-10-05 09:35 - 00122880 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-11-08 17:33 - 2016-10-05 09:33 - 00651264 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-11-08 17:33 - 2016-10-05 09:33 - 00268800 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-11-08 17:33 - 2016-10-05 09:32 - 00223744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2016-11-08 17:33 - 2016-10-05 09:31 - 00561664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-11-08 17:33 - 2016-10-05 09:31 - 00425472 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-11-08 17:33 - 2016-10-05 09:31 - 00176128 ____C (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-11-08 17:33 - 2016-10-05 09:30 - 00396800 ____C (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-11-08 17:33 - 2016-10-05 09:29 - 00368640 ____C (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-11-08 17:33 - 2016-10-05 09:28 - 03059200 ____C (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-11-08 17:33 - 2016-10-05 09:28 - 00156672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2016-11-08 17:33 - 2016-10-05 09:28 - 00123904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2016-11-08 17:33 - 2016-10-05 09:27 - 00945664 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-11-08 17:33 - 2016-10-05 09:26 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-11-08 17:33 - 2016-10-05 09:26 - 00137216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-11-08 17:33 - 2016-10-05 09:26 - 00088576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-11-08 17:33 - 2016-10-05 09:25 - 00404992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2016-11-08 17:33 - 2016-10-05 09:25 - 00117760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-11-08 17:33 - 2016-10-05 09:23 - 00431616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-11-08 17:33 - 2016-10-05 09:23 - 00426496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-11-08 17:33 - 2016-10-05 09:23 - 00187904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2016-11-08 17:33 - 2016-10-05 09:22 - 00073216 ____C (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-11-08 17:33 - 2016-10-05 09:20 - 00936960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-11-08 17:33 - 2016-10-05 09:20 - 00661504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-11-08 17:33 - 2016-10-05 09:17 - 02914304 ____C (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-11-08 17:33 - 2016-10-05 09:17 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-11-08 17:33 - 2016-10-05 09:16 - 06664192 ____C (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-11-08 17:33 - 2016-10-05 09:15 - 02800128 ____C (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-11-08 17:33 - 2016-10-05 09:15 - 00833024 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-11-08 17:33 - 2016-10-05 09:12 - 01107456 ____C (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-11-08 17:33 - 2016-10-05 09:11 - 03496960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-08 17:33 - 2016-10-05 09:09 - 03369984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-11-08 17:33 - 2016-10-05 09:08 - 00598528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-11-08 17:33 - 2016-10-05 09:07 - 02682880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-11-08 17:33 - 2016-10-05 09:07 - 00589312 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-11-08 17:33 - 2016-10-05 09:06 - 01013248 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-11-08 17:33 - 2016-10-05 09:05 - 00751104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-11-08 17:33 - 2016-09-15 17:33 - 00083120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-11-08 17:33 - 2016-09-15 17:32 - 02048496 ____C C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-11-08 17:33 - 2016-09-15 17:30 - 00354264 ____C (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-11-08 17:33 - 2016-09-15 17:29 - 01117024 ____C (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2016-11-08 17:33 - 2016-09-15 17:29 - 00512416 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2016-11-08 17:33 - 2016-09-15 17:26 - 00090400 ____C (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-11-08 17:33 - 2016-09-15 17:18 - 00328008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-11-08 17:33 - 2016-09-15 17:16 - 00527808 ____C (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-11-08 17:33 - 2016-09-15 17:15 - 00649568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-11-08 17:33 - 2016-09-15 17:14 - 01100128 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-11-08 17:33 - 2016-09-15 17:14 - 00988512 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-11-08 17:33 - 2016-09-15 17:14 - 00947552 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-11-08 17:33 - 2016-09-15 17:13 - 00113504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2016-11-08 17:33 - 2016-09-15 17:12 - 08158672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-08 17:33 - 2016-09-15 17:06 - 00387872 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2016-11-08 17:33 - 2016-09-15 17:03 - 00067584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll
2016-11-08 17:33 - 2016-09-15 17:03 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2016-11-08 17:33 - 2016-09-15 17:01 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2016-11-08 17:33 - 2016-09-15 17:00 - 00518656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-11-08 17:33 - 2016-09-15 17:00 - 00138240 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-11-08 17:33 - 2016-09-15 16:58 - 00203776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-11-08 17:33 - 2016-09-15 16:58 - 00129024 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2016-11-08 17:33 - 2016-09-15 16:58 - 00059904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2016-11-08 17:33 - 2016-09-15 16:56 - 01300480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2016-11-08 17:33 - 2016-09-15 16:56 - 00670208 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2016-11-08 17:33 - 2016-09-15 16:56 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManagerApi.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 01243136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 00562176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 00386048 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 00185856 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 00175616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-11-08 17:33 - 2016-09-15 16:54 - 00391168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-11-08 17:33 - 2016-09-15 16:53 - 00466432 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-11-08 17:33 - 2016-09-15 16:53 - 00314368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2016-11-08 17:33 - 2016-09-15 16:53 - 00284672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2016-11-08 17:33 - 2016-09-15 16:52 - 00445952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprapi.dll
2016-11-08 17:33 - 2016-09-15 16:52 - 00238080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-11-08 17:33 - 2016-09-15 16:47 - 00355328 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-11-08 17:33 - 2016-09-15 16:47 - 00134656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2016-11-08 17:33 - 2016-09-15 16:46 - 00713216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2016-11-08 17:33 - 2016-09-15 16:45 - 02642944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2016-11-08 17:33 - 2016-09-15 16:45 - 00248832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2016-11-08 17:33 - 2016-09-15 16:44 - 02153984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-11-08 17:33 - 2016-09-15 16:44 - 00209920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2016-11-08 17:33 - 2016-09-15 16:43 - 03196416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-08 17:33 - 2016-09-15 16:43 - 00433664 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2016-11-08 17:33 - 2016-09-15 16:43 - 00036864 ____C (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2016-11-08 17:33 - 2016-09-15 16:43 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2016-11-08 17:33 - 2016-09-15 16:42 - 00492544 ____C (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2016-11-08 17:33 - 2016-09-15 16:42 - 00123904 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2016-11-08 17:33 - 2016-09-15 16:41 - 00259072 ____C (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2016-11-08 17:33 - 2016-09-15 16:41 - 00185344 ____C (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-11-08 17:33 - 2016-09-15 16:41 - 00156160 ____C (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2016-11-08 17:33 - 2016-09-15 16:41 - 00108032 ____C (Microsoft Corporation) C:\WINDOWS\system32\Family.Authentication.dll
2016-11-08 17:33 - 2016-09-15 16:41 - 00090624 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2016-11-08 17:33 - 2016-09-15 16:40 - 02138112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-11-08 17:33 - 2016-09-15 16:40 - 01988096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2016-11-08 17:33 - 2016-09-15 16:40 - 01656320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2016-11-08 17:33 - 2016-09-15 16:40 - 00348160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2016-11-08 17:33 - 2016-09-15 16:40 - 00094720 ____C (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-08 17:33 - 2016-09-15 16:39 - 01004544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-11-08 17:33 - 2016-09-15 16:39 - 00418304 ____C C:\WINDOWS\system32\Windows.Perception.Stub.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00773120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2016-11-08 17:33 - 2016-09-15 16:38 - 00730112 ____C (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00620544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00573952 ____C (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrGidsHandler.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00505856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00243712 ____C (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00208896 ____C (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00205824 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2016-11-08 17:33 - 2016-09-15 16:38 - 00125952 ____C (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-11-08 17:33 - 2016-09-15 16:37 - 00912384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2016-11-08 17:33 - 2016-09-15 16:37 - 00390144 ____C (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2016-11-08 17:33 - 2016-09-15 16:37 - 00321024 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-08 17:33 - 2016-09-15 16:36 - 00407552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-11-08 17:33 - 2016-09-15 16:36 - 00358912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2016-11-08 17:33 - 2016-09-15 16:36 - 00349184 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2016-11-08 17:33 - 2016-09-15 16:36 - 00310784 ____C (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2016-11-08 17:33 - 2016-09-15 16:36 - 00216576 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-11-08 17:33 - 2016-09-15 16:36 - 00125952 ____C (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-11-08 17:33 - 2016-09-15 16:35 - 01087488 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2016-11-08 17:33 - 2016-09-15 16:35 - 01013248 ____C (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-11-08 17:33 - 2016-09-15 16:35 - 00280064 ____C (Microsoft Corporation) C:\WINDOWS\system32\DataExchange.dll
2016-11-08 17:33 - 2016-09-15 16:35 - 00252416 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2016-11-08 17:33 - 2016-09-15 16:35 - 00168960 ____C (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-11-08 17:33 - 2016-09-15 16:34 - 00424960 ____C (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-11-08 17:33 - 2016-09-15 16:33 - 03753984 ____C (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2016-11-08 17:33 - 2016-09-15 16:33 - 00560128 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-11-08 17:33 - 2016-09-15 16:33 - 00512000 ____C (Microsoft Corporation) C:\WINDOWS\system32\mprapi.dll
2016-11-08 17:33 - 2016-09-15 16:30 - 00713216 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-11-08 17:33 - 2016-09-15 16:30 - 00458752 ____C (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-11-08 17:33 - 2016-09-15 16:30 - 00175616 ____C (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-11-08 17:33 - 2016-09-15 16:30 - 00169984 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2016-11-08 17:33 - 2016-09-15 16:30 - 00104960 ____C (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-11-08 17:33 - 2016-09-15 16:29 - 01105408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-11-08 17:33 - 2016-09-15 16:29 - 01082368 ____C (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-11-08 17:33 - 2016-09-15 16:29 - 00715264 ____C (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-11-08 17:33 - 2016-09-15 16:29 - 00329728 ____C (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-11-08 17:33 - 2016-09-15 16:28 - 00442368 ____C (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-11-08 17:33 - 2016-09-15 16:27 - 05111296 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-08 17:33 - 2016-09-15 16:27 - 02860032 ____C (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-11-08 17:33 - 2016-09-15 16:27 - 00582656 ____C (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-11-08 17:33 - 2016-09-15 16:27 - 00250368 ____C (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2016-11-08 17:33 - 2016-09-15 16:27 - 00070656 ____C (Microsoft Corporation) C:\WINDOWS\system32\Sens.dll
2016-11-08 17:33 - 2016-09-15 16:26 - 00374784 ____C (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-11-08 17:33 - 2016-09-15 16:26 - 00361472 ____C (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2016-11-08 17:33 - 2016-09-15 16:26 - 00112128 ____C (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-11-08 17:33 - 2016-09-15 16:25 - 00947200 ____C (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2016-11-08 17:33 - 2016-09-15 16:25 - 00628736 ____C (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-11-08 17:33 - 2016-09-15 16:25 - 00130560 ____C (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2016-11-08 17:33 - 2016-09-15 16:24 - 00800768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-11-08 17:33 - 2016-09-15 16:24 - 00538624 ____C (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-11-08 17:33 - 2016-09-15 16:23 - 03405824 ____C (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2016-11-08 17:33 - 2016-09-15 16:23 - 01020928 ____C (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-11-08 17:33 - 2016-09-15 16:22 - 05611008 ____C (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-11-08 17:33 - 2016-09-15 16:22 - 01709056 ____C (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-11-08 17:33 - 2016-09-15 16:22 - 01586176 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-08 17:33 - 2016-09-15 16:22 - 00960000 ____C (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-11-08 17:33 - 2016-09-15 16:22 - 00857600 ____C (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2016-11-08 17:33 - 2016-09-15 16:22 - 00376832 ____C (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-11-08 17:33 - 2016-09-15 16:21 - 02538496 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2016-11-08 17:33 - 2016-09-15 16:21 - 02208768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-11-08 17:33 - 2016-09-15 16:21 - 00971264 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-11-08 17:33 - 2016-09-15 16:20 - 01710080 ____C (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-11-08 17:33 - 2016-09-15 16:20 - 01275392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-11-08 17:33 - 2016-09-15 16:20 - 01266176 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-11-08 17:33 - 2016-09-15 16:20 - 00875520 ____C (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-11-08 17:33 - 2016-09-15 16:19 - 01130496 ____C (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-11-08 17:33 - 2016-09-15 16:19 - 00903680 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2016-11-08 17:33 - 2016-09-15 16:19 - 00730112 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-11-08 17:33 - 2016-09-15 16:18 - 00455168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-11-08 17:33 - 2016-09-15 16:17 - 00180224 ____C (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-11-08 17:33 - 2016-09-15 16:16 - 01817088 ____C (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-11-08 17:33 - 2016-09-15 16:16 - 00035328 ____C (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2016-11-08 17:33 - 2016-09-07 05:53 - 02481768 ____C (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-11-08 17:33 - 2016-09-07 05:34 - 00857440 ____C (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-11-08 17:33 - 2016-09-07 05:33 - 00681304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-11-08 17:33 - 2016-09-07 05:29 - 00118112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys
2016-11-08 17:33 - 2016-09-07 05:17 - 00782176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-11-08 17:33 - 2016-09-07 05:13 - 00529928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-11-08 17:33 - 2016-09-07 05:02 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll
2016-11-08 17:33 - 2016-09-07 05:02 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2016-11-08 17:33 - 2016-09-07 05:00 - 00009728 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-11-08 17:33 - 2016-09-07 05:00 - 00009216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-11-08 17:33 - 2016-09-07 04:59 - 00409088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-11-08 17:33 - 2016-09-07 04:59 - 00110080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-11-08 17:33 - 2016-09-07 04:59 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-11-08 17:33 - 2016-09-07 04:58 - 00133632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2016-11-08 17:33 - 2016-09-07 04:58 - 00058880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-11-08 17:33 - 2016-09-07 04:56 - 00349184 ____C (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-11-08 17:33 - 2016-09-07 04:56 - 00116224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-11-08 17:33 - 2016-09-07 04:55 - 06574592 ____C (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-11-08 17:33 - 2016-09-07 04:55 - 00070656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-11-08 17:33 - 2016-09-07 04:54 - 00057344 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2016-11-08 17:33 - 2016-09-07 04:53 - 00091648 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2016-11-08 17:33 - 2016-09-07 04:52 - 00536576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-11-08 17:33 - 2016-09-07 04:52 - 00331264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-11-08 17:33 - 2016-09-07 04:52 - 00289280 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-11-08 17:33 - 2016-09-07 04:52 - 00243712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-11-08 17:33 - 2016-09-07 04:52 - 00104448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2016-11-08 17:33 - 2016-09-07 04:50 - 00282624 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-11-08 17:33 - 2016-09-07 04:50 - 00235008 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-11-08 17:33 - 2016-09-07 04:49 - 00409088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-11-08 17:33 - 2016-09-07 04:47 - 00197120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-11-08 17:33 - 2016-09-07 04:46 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-11-08 17:33 - 2016-09-07 04:46 - 00295424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2016-11-08 17:33 - 2016-09-07 04:45 - 00248320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-11-08 17:33 - 2016-09-07 04:41 - 05511680 ____C (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-11-08 17:33 - 2016-09-07 04:40 - 01282048 ____C (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-08 17:33 - 2016-09-07 04:39 - 05384192 ____C (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2016-11-08 17:33 - 2016-09-07 04:39 - 03116544 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-11-08 17:33 - 2016-09-07 04:37 - 01062912 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-11-08 17:33 - 2016-09-07 04:36 - 02423296 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-11-08 17:33 - 2016-09-07 04:36 - 02360832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-11-08 17:33 - 2016-09-07 04:35 - 02107392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-11-08 17:33 - 2016-09-07 04:35 - 00650240 ____C (Microsoft) C:\WINDOWS\system32\DbgModel.dll
2016-11-08 17:33 - 2016-09-07 04:34 - 00860672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-11-08 17:33 - 2016-09-07 04:34 - 00444416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-11-08 17:33 - 2016-08-27 04:44 - 00027136 ____C (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-11-08 17:33 - 2016-08-27 04:43 - 00022528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-11-08 17:33 - 2016-08-20 05:22 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-11-08 17:33 - 2016-08-20 05:21 - 00227840 ____C (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL
2016-11-08 17:33 - 2016-08-20 05:21 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-11-08 17:33 - 2016-08-20 05:21 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-11-08 17:33 - 2016-08-20 05:20 - 00119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-11-08 17:33 - 2016-08-20 05:20 - 00085504 ____C (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-11-08 17:33 - 2016-08-20 05:20 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-11-08 17:33 - 2016-08-20 05:20 - 00017408 ____C (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-11-08 17:33 - 2016-08-20 05:19 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-11-08 17:33 - 2016-08-20 05:19 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-11-08 17:33 - 2016-08-20 05:18 - 00200704 ____C (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-11-08 17:33 - 2016-08-20 05:18 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-11-08 17:33 - 2016-08-20 05:17 - 00235008 ____C (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-11-08 17:33 - 2016-08-20 05:15 - 00295424 ____C (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-11-08 17:33 - 2016-08-20 05:14 - 00225280 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-11-08 17:33 - 2016-08-20 05:14 - 00086016 ____C (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-11-08 17:33 - 2016-08-20 05:14 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-11-08 17:33 - 2016-08-20 05:14 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-11-08 17:33 - 2016-08-20 05:06 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-11-08 17:33 - 2016-08-20 05:04 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-11-08 17:33 - 2016-08-20 04:58 - 00020480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-11-08 17:33 - 2016-08-20 04:56 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-11-08 17:33 - 2016-08-19 01:33 - 00162850 ____C C:\WINDOWS\system32\C_932.NLS
2016-11-08 17:33 - 2016-08-06 04:31 - 00041824 ____C (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-11-08 17:33 - 2016-08-06 04:29 - 00199008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-11-08 17:33 - 2016-08-06 04:18 - 00396168 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-11-08 17:33 - 2016-08-06 04:16 - 00026408 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-11-08 17:33 - 2016-08-06 03:48 - 00032768 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-11-08 17:33 - 2016-08-06 03:48 - 00015872 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-11-08 17:33 - 2016-08-06 03:48 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-11-08 17:33 - 2016-08-06 03:48 - 00010752 ____C (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-11-08 17:33 - 2016-08-06 03:48 - 00009216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-11-08 17:33 - 2016-08-06 03:48 - 00005120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-11-08 17:33 - 2016-08-06 03:48 - 00005120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-11-08 17:33 - 2016-08-06 03:47 - 00043008 ____C (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-08 17:33 - 2016-08-06 03:47 - 00027648 ____C (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-11-08 17:33 - 2016-08-06 03:47 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-11-08 17:33 - 2016-08-06 03:47 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-11-08 17:33 - 2016-08-06 03:46 - 09260032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-11-08 17:33 - 2016-08-06 03:46 - 09260032 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-11-08 17:33 - 2016-08-06 03:46 - 00057344 ____C (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-11-08 17:33 - 2016-08-06 03:46 - 00047104 ____C (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-11-08 17:33 - 2016-08-06 03:45 - 00226304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-11-08 17:33 - 2016-08-06 03:45 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-11-08 17:33 - 2016-08-06 03:43 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-11-08 17:33 - 2016-08-06 03:41 - 00462336 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-11-08 17:33 - 2016-08-06 03:41 - 00412160 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-11-08 17:33 - 2016-08-06 03:41 - 00068096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-11-08 17:33 - 2016-08-06 03:40 - 00234496 ____C (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-11-08 17:33 - 2016-08-06 03:39 - 00298496 ____C (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-11-08 17:33 - 2016-08-06 03:39 - 00295424 ____C (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-11-08 17:33 - 2016-08-06 03:38 - 00320000 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-11-08 17:33 - 2016-08-06 03:38 - 00049152 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-08 17:33 - 2016-08-06 03:34 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-11-08 17:33 - 2016-08-06 03:33 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-11-08 17:33 - 2016-08-06 03:23 - 00520192 ____C (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-11-08 17:33 - 2016-08-05 08:29 - 00568832 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-11-08 17:33 - 2016-08-05 08:29 - 00019968 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-11-08 17:33 - 2016-08-02 04:47 - 00079536 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-11-08 17:33 - 2016-08-02 04:36 - 00150528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-08 17:33 - 2016-07-22 01:25 - 00389000 ____C (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-11-08 17:32 - 2016-10-15 04:51 - 00590960 ____C (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-08 17:32 - 2016-10-15 04:51 - 00283488 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-11-08 17:32 - 2016-10-15 04:38 - 00409952 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-11-08 17:32 - 2016-10-15 04:32 - 00601712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-08 17:32 - 2016-10-15 04:31 - 02750384 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-08 17:32 - 2016-10-15 04:31 - 02190688 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-11-08 17:32 - 2016-10-15 04:31 - 00658272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-11-08 17:32 - 2016-10-15 04:31 - 00402272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-11-08 17:32 - 2016-10-15 04:30 - 01851696 ____C (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-11-08 17:32 - 2016-10-15 04:30 - 00557408 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-11-08 17:32 - 2016-10-15 04:29 - 01267504 ____C (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-11-08 17:32 - 2016-10-15 04:29 - 00335712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-11-08 17:32 - 2016-10-15 04:26 - 01694712 ____C (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-11-08 17:32 - 2016-10-15 04:26 - 00534096 ____C (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-08 17:32 - 2016-10-15 04:26 - 00160096 ____C (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-11-08 17:32 - 2016-10-15 04:25 - 00882680 ____C (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-11-08 17:32 - 2016-10-15 04:25 - 00742704 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-11-08 17:32 - 2016-10-15 04:21 - 02537824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-11-08 17:32 - 2016-10-15 04:21 - 01100128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-11-08 17:32 - 2016-10-15 04:21 - 00584032 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-11-08 17:32 - 2016-10-15 04:20 - 02276736 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-11-08 17:32 - 2016-10-15 04:19 - 02256592 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-08 17:32 - 2016-10-15 04:19 - 00272720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-11-08 17:32 - 2016-10-15 04:18 - 02166232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-11-08 17:32 - 2016-10-15 04:18 - 01556712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-11-08 17:32 - 2016-10-15 04:18 - 00846560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-11-08 17:32 - 2016-10-15 04:15 - 03892352 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-08 17:32 - 2016-10-15 04:15 - 01853776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-11-08 17:32 - 2016-10-15 04:15 - 01123368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-11-08 17:32 - 2016-10-15 04:15 - 00959112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-08 17:32 - 2016-10-15 04:15 - 00952416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-08 17:32 - 2016-10-15 04:15 - 00687936 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-11-08 17:32 - 2016-10-15 04:11 - 01435896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-11-08 17:32 - 2016-10-15 04:11 - 00545944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-08 17:32 - 2016-10-15 04:02 - 22568960 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-08 17:32 - 2016-10-15 04:00 - 00323584 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-11-08 17:32 - 2016-10-15 03:59 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-11-08 17:32 - 2016-10-15 03:58 - 00040448 ____C (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-08 17:32 - 2016-10-15 03:57 - 00081408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-08 17:32 - 2016-10-15 03:57 - 00039424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-11-08 17:32 - 2016-10-15 03:56 - 00327680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-11-08 17:32 - 2016-10-15 03:56 - 00227328 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-11-08 17:32 - 2016-10-15 03:56 - 00219648 ____C (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-11-08 17:32 - 2016-10-15 03:56 - 00193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-11-08 17:32 - 2016-10-15 03:56 - 00120832 ____C (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-11-08 17:32 - 2016-10-15 03:56 - 00098816 ____C (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-11-08 17:32 - 2016-10-15 03:55 - 00635904 ____C (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-08 17:32 - 2016-10-15 03:55 - 00329216 ____C (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-11-08 17:32 - 2016-10-15 03:55 - 00265728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-11-08 17:32 - 2016-10-15 03:55 - 00156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\hidclass.sys
2016-11-08 17:32 - 2016-10-15 03:55 - 00156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-11-08 17:32 - 2016-10-15 03:55 - 00142336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-11-08 17:32 - 2016-10-15 03:54 - 00463872 ____C (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-11-08 17:32 - 2016-10-15 03:54 - 00410112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-11-08 17:32 - 2016-10-15 03:54 - 00314880 ____C (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-08 17:32 - 2016-10-15 03:54 - 00296960 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-08 17:32 - 2016-10-15 03:54 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-11-08 17:32 - 2016-10-15 03:54 - 00152064 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-11-08 17:32 - 2016-10-15 03:53 - 00566784 ____C (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-08 17:32 - 2016-10-15 03:53 - 00313856 ____C (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-11-08 17:32 - 2016-10-15 03:53 - 00270336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00690176 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00632832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00523776 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00506880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00410624 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00339456 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00306176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00288256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00088576 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-08 17:32 - 2016-10-15 03:51 - 00429568 ____C (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-11-08 17:32 - 2016-10-15 03:51 - 00261632 ____C (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-08 17:32 - 2016-10-15 03:51 - 00226304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-11-08 17:32 - 2016-10-15 03:50 - 02333184 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-11-08 17:32 - 2016-10-15 03:50 - 00896512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-08 17:32 - 2016-10-15 03:50 - 00438784 ____C (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-11-08 17:32 - 2016-10-15 03:50 - 00310272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-11-08 17:32 - 2016-10-15 03:50 - 00198656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-08 17:32 - 2016-10-15 03:49 - 00388608 ____C (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-08 17:32 - 2016-10-15 03:49 - 00348672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-08 17:32 - 2016-10-15 03:49 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-11-08 17:32 - 2016-10-15 03:49 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-11-08 17:32 - 2016-10-15 03:48 - 23680000 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-08 17:32 - 2016-10-15 03:47 - 04612608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-11-08 17:32 - 2016-10-15 03:47 - 00720896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-11-08 17:32 - 2016-10-15 03:47 - 00369664 ____C (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-08 17:32 - 2016-10-15 03:46 - 19418112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-08 17:32 - 2016-10-15 03:46 - 19416576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-08 17:32 - 2016-10-15 03:46 - 00718848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-11-08 17:32 - 2016-10-15 03:45 - 01790464 ____C (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-11-08 17:32 - 2016-10-15 03:45 - 00942080 ____C (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-08 17:32 - 2016-10-15 03:45 - 00702464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-11-08 17:32 - 2016-10-15 03:45 - 00337920 ____C (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-08 17:32 - 2016-10-15 03:44 - 03307520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-08 17:32 - 2016-10-15 03:44 - 00636928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-11-08 17:32 - 2016-10-15 03:43 - 01365504 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-11-08 17:32 - 2016-10-15 03:42 - 00956416 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-08 17:32 - 2016-10-15 03:42 - 00805376 ____C (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-08 17:32 - 2016-10-15 03:42 - 00467968 ____C (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-11-08 17:32 - 2016-10-15 03:42 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-11-08 17:32 - 2016-10-15 03:41 - 00945664 ____C (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-11-08 17:32 - 2016-10-15 03:41 - 00161792 ____C (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-11-08 17:32 - 2016-10-15 03:40 - 01690112 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 04474368 ____C (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 02266624 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 01060864 ____C (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 01005568 ____C (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 00817664 ____C (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 00806400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 00631296 ____C (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 00243712 ____C (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-08 17:32 - 2016-10-15 03:38 - 02458112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-08 17:32 - 2016-10-15 03:38 - 00579072 ____C (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-08 17:32 - 2016-10-15 03:37 - 03733504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-11-08 17:32 - 2016-10-15 03:37 - 01029632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-11-08 17:32 - 2016-10-15 03:37 - 00884224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-08 17:32 - 2016-10-15 03:37 - 00712192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-08 17:32 - 2016-10-15 03:37 - 00709120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 04423680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 02484736 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 01637888 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 01595392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 01556992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 01492480 ____C (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 01359360 ____C (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 01170944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 00983040 ____C (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 00909824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 00673792 ____C (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-11-08 17:32 - 2016-10-15 03:36 - 00580608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 00358912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-08 17:32 - 2016-10-15 03:35 - 02670592 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-08 17:32 - 2016-10-15 03:35 - 02005504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-11-08 17:32 - 2016-10-15 03:35 - 01779712 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-08 17:32 - 2016-10-15 03:35 - 01512960 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-08 17:32 - 2016-10-15 03:35 - 01509376 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-08 17:32 - 2016-10-15 03:35 - 00905216 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-11-08 17:32 - 2016-10-15 03:35 - 00798208 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-08 17:32 - 2016-10-15 03:35 - 00422400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-08 17:32 - 2016-10-15 03:34 - 02476544 ____C (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-11-08 17:32 - 2016-10-15 03:34 - 01840640 ____C (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-11-08 17:32 - 2016-10-15 03:34 - 00936448 ____C (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-11-08 17:32 - 2016-10-15 03:32 - 00886784 ____C (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-11-08 17:32 - 2016-10-05 10:35 - 00279904 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-11-08 17:32 - 2016-10-05 10:22 - 01181536 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-11-08 17:32 - 2016-10-05 10:16 - 00187232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-11-08 17:32 - 2016-10-05 10:13 - 00146784 ____C (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-11-08 17:32 - 2016-10-05 10:12 - 01112928 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-11-08 17:32 - 2016-10-05 10:08 - 00241504 ____C (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-11-08 17:32 - 2016-10-05 09:50 - 00116576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2016-11-08 17:32 - 2016-10-05 09:49 - 01980768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-11-08 17:32 - 2016-10-05 09:48 - 01022304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-11-08 17:32 - 2016-10-05 09:46 - 01360456 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-11-08 17:32 - 2016-10-05 09:46 - 00980824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-11-08 17:32 - 2016-10-05 09:38 - 00584192 ____C (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-11-08 17:32 - 2016-10-05 09:36 - 00113664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-11-08 17:32 - 2016-10-05 09:35 - 00196096 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2016-11-08 17:32 - 2016-10-05 09:35 - 00101888 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-11-08 17:32 - 2016-10-05 09:33 - 00157696 ____C (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-11-08 17:32 - 2016-10-05 09:32 - 00590336 ____C (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-11-08 17:32 - 2016-10-05 09:32 - 00146432 ____C (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-11-08 17:32 - 2016-10-05 09:31 - 00837632 ____C (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-11-08 17:32 - 2016-10-05 09:31 - 00748544 ____C (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-11-08 17:32 - 2016-10-05 09:31 - 00480768 ____C (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-11-08 17:32 - 2016-10-05 09:31 - 00058880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-11-08 17:32 - 2016-10-05 09:29 - 01145856 ____C (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-11-08 17:32 - 2016-10-05 09:28 - 00775168 ____C (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-11-08 17:32 - 2016-10-05 09:28 - 00584192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-11-08 17:32 - 2016-10-05 09:27 - 00094208 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-11-08 17:32 - 2016-10-05 09:27 - 00087040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-11-08 17:32 - 2016-10-05 09:26 - 00590848 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-11-08 17:32 - 2016-10-05 09:25 - 00822784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-08 17:32 - 2016-10-05 09:25 - 00299520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-11-08 17:32 - 2016-10-05 09:24 - 00483840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2016-11-08 17:32 - 2016-10-05 09:24 - 00099328 ____C (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-11-08 17:32 - 2016-10-05 09:21 - 03689984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-11-08 17:32 - 2016-10-05 09:21 - 00567808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-11-08 17:32 - 2016-10-05 09:21 - 00167936 ____C (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-08 17:32 - 2016-10-05 09:20 - 00143872 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-11-08 17:32 - 2016-10-05 09:19 - 02390016 ____C (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-11-08 17:32 - 2016-10-05 09:18 - 00858112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-11-08 17:32 - 2016-10-05 09:17 - 08126464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-08 17:32 - 2016-10-05 09:16 - 04747776 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-08 17:32 - 2016-10-05 09:16 - 00771072 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-11-08 17:32 - 2016-10-05 09:16 - 00508416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-11-08 17:32 - 2016-10-05 09:15 - 00716800 ____C (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-11-08 17:32 - 2016-10-05 09:15 - 00141312 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2016-11-08 17:32 - 2016-10-05 09:14 - 01255936 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-11-08 17:32 - 2016-10-05 09:14 - 01013760 ____C (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-11-08 17:32 - 2016-10-05 09:11 - 06043136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-08 17:32 - 2016-10-05 09:11 - 00640000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-11-08 17:32 - 2016-10-05 09:10 - 06474752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-11-08 17:32 - 2016-10-05 09:09 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-11-08 17:32 - 2016-10-05 09:08 - 02356736 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-08 17:32 - 2016-10-05 09:08 - 00873472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-11-08 17:32 - 2016-10-05 09:07 - 03667456 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-08 17:32 - 2016-10-05 09:07 - 02646016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-11-08 17:32 - 2016-10-05 09:07 - 00566784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-11-08 17:32 - 2016-10-05 09:06 - 00850944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-11-08 17:32 - 2016-09-15 17:40 - 00965472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2016-11-08 17:32 - 2016-09-15 17:37 - 00496872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-11-08 17:32 - 2016-09-15 17:37 - 00402352 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-11-08 17:32 - 2016-09-15 17:30 - 00646136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-11-08 17:32 - 2016-09-15 17:29 - 00424640 ____C (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-11-08 17:32 - 2016-09-15 17:29 - 00081760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-11-08 17:32 - 2016-09-15 17:23 - 01503032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-11-08 17:32 - 2016-09-15 17:23 - 00170960 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-11-08 17:32 - 2016-09-15 17:22 - 00433832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-11-08 17:32 - 2016-09-15 17:20 - 00634944 ____C (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-11-08 17:32 - 2016-09-15 17:19 - 00361104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-11-08 17:32 - 2016-09-15 17:18 - 01201872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-11-08 17:32 - 2016-09-15 17:18 - 00856872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-11-08 17:32 - 2016-09-15 17:18 - 00404832 ____C (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-08 17:32 - 2016-09-15 17:16 - 01738040 ____C (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-11-08 17:32 - 2016-09-15 17:16 - 01157000 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-11-08 17:32 - 2016-09-15 17:16 - 00206096 ____C (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-11-08 17:32 - 2016-09-15 17:15 - 00218976 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-11-08 17:32 - 2016-09-15 17:15 - 00130912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2016-11-08 17:32 - 2016-09-15 17:14 - 00811872 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-11-08 17:32 - 2016-09-15 17:14 - 00119648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2016-11-08 17:32 - 2016-09-15 17:12 - 00092512 ____C (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-08 17:32 - 2016-09-15 17:06 - 00455520 ____C (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-11-08 17:32 - 2016-09-15 17:06 - 00372440 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-11-08 17:32 - 2016-09-15 17:03 - 00094720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-11-08 17:32 - 2016-09-15 17:01 - 00141824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2016-11-08 17:32 - 2016-09-15 17:00 - 00554496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2016-11-08 17:32 - 2016-09-15 17:00 - 00156672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-08 17:32 - 2016-09-15 16:59 - 00255488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2016-11-08 17:32 - 2016-09-15 16:59 - 00143872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovslegacy.dll
2016-11-08 17:32 - 2016-09-15 16:59 - 00136192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2016-11-08 17:32 - 2016-09-15 16:58 - 00491008 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-08 17:32 - 2016-09-15 16:58 - 00291840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-11-08 17:32 - 2016-09-15 16:58 - 00092672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-11-08 17:32 - 2016-09-15 16:57 - 00392192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2016-11-08 17:32 - 2016-09-15 16:57 - 00315904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2016-11-08 17:32 - 2016-09-15 16:57 - 00171520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-11-08 17:32 - 2016-09-15 16:56 - 00609280 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2016-11-08 17:32 - 2016-09-15 16:56 - 00265728 ____C C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2016-11-08 17:32 - 2016-09-15 16:56 - 00115712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2016-11-08 17:32 - 2016-09-15 16:55 - 00218624 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2016-11-08 17:32 - 2016-09-15 16:55 - 00202752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 17:32 - 2016-09-15 16:54 - 00461312 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-11-08 17:32 - 2016-09-15 16:54 - 00262144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2016-11-08 17:32 - 2016-09-15 16:53 - 00819200 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-11-08 17:32 - 2016-09-15 16:52 - 01358336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-11-08 17:32 - 2016-09-15 16:52 - 00816640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2016-11-08 17:32 - 2016-09-15 16:52 - 00525824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2016-11-08 17:32 - 2016-09-15 16:52 - 00500224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2016-11-08 17:32 - 2016-09-15 16:52 - 00297472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2016-11-08 17:32 - 2016-09-15 16:51 - 00762368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2016-11-08 17:32 - 2016-09-15 16:50 - 01534464 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-11-08 17:32 - 2016-09-15 16:50 - 00071168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\pwrshplugin.dll
2016-11-08 17:32 - 2016-09-15 16:49 - 00499200 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-11-08 17:32 - 2016-09-15 16:49 - 00468992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-11-08 17:32 - 2016-09-15 16:48 - 01320448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-11-08 17:32 - 2016-09-15 16:47 - 01077760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-11-08 17:32 - 2016-09-15 16:46 - 00795648 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2016-11-08 17:32 - 2016-09-15 16:46 - 00558080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-11-08 17:32 - 2016-09-15 16:46 - 00343040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-11-08 17:32 - 2016-09-15 16:46 - 00049664 ____C (Microsoft Corporation) C:\WINDOWS\system32\ffbroker.dll
2016-11-08 17:32 - 2016-09-15 16:44 - 00118784 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-11-08 17:32 - 2016-09-15 16:43 - 00220672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2016-11-08 17:32 - 2016-09-15 16:43 - 00210432 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-11-08 17:32 - 2016-09-15 16:43 - 00039424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2016-11-08 17:32 - 2016-09-15 16:42 - 01220608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-11-08 17:32 - 2016-09-15 16:42 - 00051712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2016-11-08 17:32 - 2016-09-15 16:41 - 00400384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-11-08 17:32 - 2016-09-15 16:41 - 00295424 ____C (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2016-11-08 17:32 - 2016-09-15 16:40 - 05061120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-11-08 17:32 - 2016-09-15 16:40 - 01247232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-08 17:32 - 2016-09-15 16:40 - 00467968 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2016-11-08 17:32 - 2016-09-15 16:40 - 00160768 ____C (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-08 17:32 - 2016-09-15 16:40 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-11-08 17:32 - 2016-09-15 16:40 - 00082432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2016-11-08 17:32 - 2016-09-15 16:39 - 01232384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2016-11-08 17:32 - 2016-09-15 16:39 - 01170944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2016-11-08 17:32 - 2016-09-15 16:39 - 00547840 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2016-11-08 17:32 - 2016-09-15 16:39 - 00322048 ____C (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-08 17:32 - 2016-09-15 16:39 - 00186368 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2016-11-08 17:32 - 2016-09-15 16:38 - 01291264 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2016-11-08 17:32 - 2016-09-15 16:38 - 00203776 ____C (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-11-08 17:32 - 2016-09-15 16:38 - 00132096 ____C (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2016-11-08 17:32 - 2016-09-15 16:37 - 00568320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2016-11-08 17:32 - 2016-09-15 16:37 - 00279552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 17:32 - 2016-09-15 16:37 - 00266240 ____C (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-11-08 17:32 - 2016-09-15 16:37 - 00216576 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-11-08 17:32 - 2016-09-15 16:36 - 00852480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2016-11-08 17:32 - 2016-09-15 16:36 - 00648192 ____C (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-11-08 17:32 - 2016-09-15 16:36 - 00257024 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2016-11-08 17:32 - 2016-09-15 16:36 - 00166912 ____C (Microsoft Corporation) C:\WINDOWS\system32\credprovslegacy.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 01060352 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00949248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00645120 ____C (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00538112 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00472064 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00431616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00417792 ____C (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00358400 ____C (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00331776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00329728 ____C (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00128000 ____C (Microsoft Corporation) C:\WINDOWS\system32\rshx32.dll
2016-11-08 17:32 - 2016-09-15 16:34 - 00671744 ____C (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2016-11-08 17:32 - 2016-09-15 16:34 - 00560640 ____C (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-11-08 17:32 - 2016-09-15 16:34 - 00437248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2016-11-08 17:32 - 2016-09-15 16:34 - 00284160 ____C (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-11-08 17:32 - 2016-09-15 16:33 - 00966144 ____C (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2016-11-08 17:32 - 2016-09-15 16:33 - 00896512 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-11-08 17:32 - 2016-09-15 16:32 - 00634368 ____C (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-11-08 17:32 - 2016-09-15 16:32 - 00361472 ____C (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-11-08 17:32 - 2016-09-15 16:30 - 01227264 ____C (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-11-08 17:32 - 2016-09-15 16:30 - 00112640 ____C (Microsoft Corporation) C:\WINDOWS\system32\baaupdate.exe
2016-11-08 17:32 - 2016-09-15 16:28 - 00864256 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2016-11-08 17:32 - 2016-09-15 16:28 - 00798720 ____C (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2016-11-08 17:32 - 2016-09-15 16:28 - 00440320 ____C (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2016-11-08 17:32 - 2016-09-15 16:28 - 00159744 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveprompt.exe
2016-11-08 17:32 - 2016-09-15 16:27 - 00883712 ____C (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-11-08 17:32 - 2016-09-15 16:27 - 00279040 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-11-08 17:32 - 2016-09-15 16:27 - 00228352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSAC3ENC.DLL
2016-11-08 17:32 - 2016-09-15 16:27 - 00211968 ____C (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2016-11-08 17:32 - 2016-09-15 16:27 - 00171008 ____C (Microsoft Corporation) C:\WINDOWS\system32\fvenotify.exe
2016-11-08 17:32 - 2016-09-15 16:26 - 00501248 ____C (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2016-11-08 17:32 - 2016-09-15 16:26 - 00033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\bdeui.dll
2016-11-08 17:32 - 2016-09-15 16:25 - 00237056 ____C (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-11-08 17:32 - 2016-09-15 16:25 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\BackgroundMediaPolicy.dll
2016-11-08 17:32 - 2016-09-15 16:24 - 01080320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2016-11-08 17:32 - 2016-09-15 16:24 - 00139776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-11-08 17:32 - 2016-09-15 16:23 - 00460800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2016-11-08 17:32 - 2016-09-15 16:21 - 00816640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-11-08 17:32 - 2016-09-15 16:20 - 02424320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2016-11-08 17:32 - 2016-09-15 16:20 - 01535488 ____C (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2016-11-08 17:32 - 2016-09-15 16:20 - 00845824 ____C (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2016-11-08 17:32 - 2016-09-15 16:20 - 00691712 ____C (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-11-08 17:32 - 2016-09-15 16:20 - 00283648 ____C (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-11-08 17:32 - 2016-09-15 16:19 - 03202048 ____C (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-11-08 17:32 - 2016-09-15 16:19 - 00717824 ____C (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-11-08 17:32 - 2016-09-15 16:17 - 00122368 ____C (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-11-08 17:32 - 2016-09-15 16:16 - 00531456 ____C (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2016-11-08 17:32 - 2016-09-15 16:16 - 00483840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-11-08 17:32 - 2016-09-15 16:16 - 00387072 ____C (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-11-08 17:32 - 2016-09-15 16:16 - 00221696 ____C (Microsoft Corporation) C:\WINDOWS\system32\tspubwmi.dll
2016-11-08 17:32 - 2016-09-07 05:54 - 00133472 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-11-08 17:32 - 2016-09-07 05:46 - 00423776 ____C (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-08 17:32 - 2016-09-07 05:41 - 00172528 ____C (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-11-08 17:32 - 2016-09-07 05:34 - 00584544 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-11-08 17:32 - 2016-09-07 05:34 - 00360040 ____C (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-11-08 17:32 - 2016-09-07 05:34 - 00178528 ____C (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2016-11-08 17:32 - 2016-09-07 05:32 - 02206496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-11-08 17:32 - 2016-09-07 05:29 - 00755656 ____C (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-11-08 17:32 - 2016-09-07 05:29 - 00382272 ____C (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-11-08 17:32 - 2016-09-07 05:24 - 00057400 ____C (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2016-11-08 17:32 - 2016-09-07 05:17 - 00509792 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-11-08 17:32 - 2016-09-07 05:07 - 00117240 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-11-08 17:32 - 2016-09-07 05:04 - 00009216 ____C (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-11-08 17:32 - 2016-09-07 05:03 - 00409088 ____C (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-11-08 17:32 - 2016-09-07 05:03 - 00110080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-11-08 17:32 - 2016-09-07 05:03 - 00095232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-11-08 17:32 - 2016-09-07 05:03 - 00009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-11-08 17:32 - 2016-09-07 05:03 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00044032 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00015360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-11-08 17:32 - 2016-09-07 05:01 - 00137728 ____C (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-11-08 17:32 - 2016-09-07 05:01 - 00068096 ____C (Microsoft Corporation) C:\WINDOWS\system32\AddressParser.dll
2016-11-08 17:32 - 2016-09-07 05:01 - 00065024 ____C (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-11-08 17:32 - 2016-09-07 05:00 - 00052224 ____C (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-11-08 17:32 - 2016-09-07 05:00 - 00049152 ____C (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00263680 ____C (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00150528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00095232 ____C (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00088064 ____C (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00071168 ____C (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00064512 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00054784 ____C (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00040448 ____C (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00363520 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00187904 ____C (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00170496 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00057344 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00054784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AddressParser.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00037888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccessRes.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneutilRes.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2016-11-08 17:32 - 2016-09-07 04:57 - 00224256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-11-08 17:32 - 2016-09-07 04:57 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-11-08 17:32 - 2016-09-07 04:57 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00418304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00327168 ____C (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00157696 ____C (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll
2016-11-08 17:32 - 2016-09-07 04:55 - 00820736 ____C (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-11-08 17:32 - 2016-09-07 04:55 - 00323584 ____C (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-11-08 17:32 - 2016-09-07 04:55 - 00243200 ____C (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-11-08 17:32 - 2016-09-07 04:55 - 00147456 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-11-08 17:32 - 2016-09-07 04:54 - 00805888 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-11-08 17:32 - 2016-09-07 04:54 - 00446464 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-11-08 17:32 - 2016-09-07 04:54 - 00366592 ____C (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2016-11-08 17:32 - 2016-09-07 04:54 - 00315904 ____C (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2016-11-08 17:32 - 2016-09-07 04:54 - 00055808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-11-08 17:32 - 2016-09-07 04:53 - 02083840 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-11-08 17:32 - 2016-09-07 04:53 - 01388544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-08 17:32 - 2016-09-07 04:53 - 00526848 ____C (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-11-08 17:32 - 2016-09-07 04:53 - 00302592 ____C (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-11-08 17:32 - 2016-09-07 04:53 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-11-08 17:32 - 2016-09-07 04:52 - 00605184 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-08 17:32 - 2016-09-07 04:50 - 00426496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-11-08 17:32 - 2016-09-07 04:49 - 00635904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-08 17:32 - 2016-09-07 04:49 - 00260096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2016-11-08 17:32 - 2016-09-07 04:45 - 05398016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-11-08 17:32 - 2016-09-07 04:43 - 00484352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-11-08 17:32 - 2016-09-07 04:41 - 03435008 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-11-08 17:32 - 2016-09-07 04:41 - 02947072 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-11-08 17:32 - 2016-09-07 04:41 - 02510848 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-11-08 17:32 - 2016-09-07 04:41 - 00932864 ____C (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-11-08 17:32 - 2016-09-07 04:40 - 02852864 ____C (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-11-08 17:32 - 2016-09-07 04:39 - 00895488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-11-08 17:32 - 2016-09-07 04:38 - 01232384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-11-08 17:32 - 2016-09-07 04:37 - 04148224 ____C (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-08 17:32 - 2016-09-07 04:37 - 02820096 ____C (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-11-08 17:32 - 2016-09-07 04:37 - 01349120 ____C (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-08 17:32 - 2016-09-07 04:34 - 04557824 ____C (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-11-08 17:32 - 2016-09-07 04:31 - 00461312 ____C (Microsoft) C:\WINDOWS\SysWOW64\DbgModel.dll
2016-11-08 17:32 - 2016-08-27 04:58 - 00121368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-11-08 17:32 - 2016-08-20 05:34 - 00136032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-11-08 17:32 - 2016-08-20 05:16 - 00380928 ____C (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-11-08 17:32 - 2016-08-20 05:12 - 00476672 ____C (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-11-08 17:32 - 2016-08-20 05:07 - 00288768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-11-08 17:32 - 2016-08-20 05:07 - 00203776 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-11-08 17:32 - 2016-08-20 05:04 - 00592384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-11-08 17:32 - 2016-08-20 05:00 - 00141824 ____C (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-11-08 17:32 - 2016-08-06 04:26 - 01176664 ____C (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-11-08 17:32 - 2016-08-06 04:23 - 00168800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-11-08 17:32 - 2016-08-06 04:17 - 00790760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-11-08 17:32 - 2016-08-06 04:17 - 00619368 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-11-08 17:32 - 2016-08-06 04:16 - 00073568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-11-08 17:32 - 2016-08-06 04:16 - 00020320 ____C (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-11-08 17:32 - 2016-08-06 04:15 - 00408600 ____C (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-11-08 17:32 - 2016-08-06 04:03 - 01343928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-11-08 17:32 - 2016-08-06 04:03 - 00036168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-11-08 17:32 - 2016-08-06 03:50 - 02755584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-11-08 17:32 - 2016-08-06 03:48 - 02755584 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-11-08 17:32 - 2016-08-06 03:48 - 00034304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-08 17:32 - 2016-08-06 03:47 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\system32\hidusb.sys
2016-11-08 17:32 - 2016-08-06 03:47 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-11-08 17:32 - 2016-08-06 03:46 - 00094720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-11-08 17:32 - 2016-08-06 03:46 - 00040960 ____C (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2016-11-08 17:32 - 2016-08-06 03:46 - 00040960 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-11-08 17:32 - 2016-08-06 03:45 - 00327680 ____C (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-11-08 17:32 - 2016-08-06 03:45 - 00049664 ____C (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-11-08 17:32 - 2016-08-06 03:44 - 00047616 ____C (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-11-08 17:32 - 2016-08-06 03:44 - 00035328 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-11-08 17:32 - 2016-08-06 03:43 - 00200704 ____C (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-11-08 17:32 - 2016-08-06 03:40 - 00239104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-11-08 17:32 - 2016-08-06 03:36 - 00447488 ____C (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-11-08 17:32 - 2016-08-06 03:33 - 00396800 ____C (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-11-08 17:32 - 2016-08-06 03:31 - 00100864 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-11-08 17:32 - 2016-08-06 03:29 - 00298496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-11-08 17:32 - 2016-08-06 03:29 - 00123904 ____C (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-11-08 17:32 - 2016-08-06 03:28 - 00086016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-11-08 17:32 - 2016-08-06 03:21 - 00102400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-11-08 17:32 - 2016-08-06 03:19 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-11-08 17:32 - 2016-08-05 09:14 - 01066328 ____C (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-11-08 17:32 - 2016-08-05 09:10 - 00939872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-11-08 17:32 - 2016-08-05 09:05 - 00665768 ____C (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-11-08 17:32 - 2016-08-05 08:29 - 00568832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-11-08 17:32 - 2016-08-05 08:28 - 00022016 ____C (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-11-08 17:32 - 2016-08-05 08:23 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-11-08 17:32 - 2016-08-05 08:22 - 00138240 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-11-08 17:32 - 2016-08-05 08:18 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-11-08 17:32 - 2016-08-05 08:08 - 00135168 ____C (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-11-08 17:32 - 2016-08-02 08:21 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-11-08 17:32 - 2016-08-02 08:15 - 00231424 ____C (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-11-08 17:32 - 2016-08-02 08:15 - 00058880 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-08 17:32 - 2016-08-02 08:13 - 01081856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-11-08 17:32 - 2016-08-02 04:37 - 00121344 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-11-08 17:32 - 2016-08-02 04:33 - 00047104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-08 17:32 - 2016-07-22 01:18 - 00297552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-11-08 11:00 - 2016-11-08 11:00 - 00000000 ____D C:\Users\Fraser Ross\AppData\Roaming\TuneUp Software
2016-11-08 11:00 - 2016-11-08 11:00 - 00000000 ____D C:\Users\Fraser Ross\AppData\Roaming\AVG
2016-11-08 10:55 - 2016-11-08 15:50 - 00000000 ____D C:\Users\Fraser Ross\AppData\Local\AvgSetupLog
2016-11-08 10:55 - 2016-11-08 15:44 - 00000000 ____D C:\Users\Fraser Ross\AppData\Local\Avg
2016-11-08 10:54 - 2016-11-08 10:55 - 03312896 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Fraser Ross\Downloads\AVG_Protection_Free_698.exe
2016-11-08 10:40 - 2016-11-08 10:43 - 00000000 ___DC C:\AdwCleaner
2016-11-08 10:39 - 2016-11-08 10:40 - 03910208 _____ C:\Users\Fraser Ross\Downloads\adwcleaner_6.030.exe
2016-11-07 16:07 - 2016-11-07 16:07 - 00001475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-11-07 16:07 - 2016-11-07 16:07 - 00001463 ____C C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-11-07 16:07 - 2016-11-07 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-11-07 16:07 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2016-11-07 15:55 - 2016-11-07 11:08 - 00457132 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161107-155502.backup
2016-11-07 11:10 - 2016-11-07 11:12 - 00001024 ___HC C:\AMTAG.BIN
2016-11-07 11:06 - 2016-11-07 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartW8
2016-11-07 10:41 - 2016-11-07 10:41 - 00000000 ____D C:\Program Files (x86)\StartW8
2016-11-07 01:02 - 2016-11-07 01:02 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-11-07 01:01 - 2016-11-07 01:01 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-11-07 01:01 - 2016-11-07 01:01 - 00000000 ____D C:\Program Files\MSBuild
2016-11-07 01:01 - 2016-11-07 01:01 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-07 01:01 - 2016-11-06 17:21 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-07 01:00 - 2016-05-25 22:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-11-07 01:00 - 2016-05-25 22:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-11-07 01:00 - 2016-05-25 22:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-11-07 01:00 - 2016-05-25 19:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-11-07 01:00 - 2016-05-25 19:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-11-07 01:00 - 2016-05-25 19:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-11-06 18:11 - 2016-11-06 18:11 - 00000000 ____D C:\ProgramData\USOShared
2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-11-06 18:06 - 2016-11-06 18:30 - 00000000 ____D C:\Users\Fraser Ross\AppData\Local\ConnectedDevicesPlatform
2016-11-06 18:06 - 2016-11-06 18:06 - 00000020 ___SH C:\Users\Fraser Ross\ntuser.ini
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default\My Documents
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-11-06 17:52 - 2016-11-06 17:54 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-11-06 17:52 - 2016-11-06 17:54 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-11-06 17:50 - 2016-11-09 17:39 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2016-11-06 17:50 - 2016-11-06 17:50 - 00002880 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3240783315-1213011343-4006949943-1000
2016-11-06 17:50 - 2016-11-06 17:50 - 00002344 _____ C:\WINDOWS\System32\Tasks\{6DDCC59A-CD43-492C-AF13-CAAF0BD3C4DD}
2016-11-06 17:50 - 2016-11-06 17:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-11-06 17:50 - 2016-11-06 17:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-11-06 17:50 - 2016-11-06 17:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-11-06 17:49 - 2016-11-09 14:04 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-06 17:49 - 2016-11-06 17:50 - 00003318 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3240783315-1213011343-4006949943-1000
2016-11-06 17:49 - 2016-11-06 17:50 - 00003222 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3240783315-1213011343-4006949943-1000
2016-11-06 17:49 - 2016-11-06 17:50 - 00002236 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-11-06 17:31 - 2016-11-06 17:31 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-06 17:31 - 2016-11-06 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-11-06 17:31 - 2016-11-06 17:31 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-11-06 17:31 - 2016-11-06 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-11-06 17:31 - 2016-11-06 17:31 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-11-06 17:21 - 2016-11-06 17:21 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-11-06 17:19 - 2016-11-06 17:33 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-11-06 17:16 - 2016-11-09 15:06 - 00000000 ____D C:\Users\Fraser Ross
2016-11-06 17:16 - 2016-11-06 17:16 - 00000000 _SHDL C:\Users\Fraser Ross\My Documents
2016-11-06 17:16 - 2016-11-06 17:16 - 00000000 _SHDL C:\Users\Fraser Ross\Documents\My Videos
2016-11-06 17:16 - 2016-11-06 17:16 - 00000000 _SHDL C:\Users\Fraser Ross\Documents\My Pictures
2016-11-06 17:16 - 2016-11-06 17:16 - 00000000 _SHDL C:\Users\Fraser Ross\Documents\My Music
2016-11-06 17:12 - 2016-11-06 17:12 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-11-06 17:12 - 2016-11-06 17:12 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-11-06 17:12 - 2016-11-06 17:12 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-11-06 17:12 - 2016-11-06 17:12 - 00000000 ____D C:\Program Files\Realtek
2016-11-06 17:11 - 2016-07-16 11:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-11-06 17:09 - 2016-11-10 11:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-06 17:09 - 2016-11-08 17:50 - 00357960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-06 17:09 - 2016-11-06 17:09 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-11-06 10:46 - 2016-11-09 17:51 - 00000000 ____C C:\WINDOWS\system32\version.tmp
2016-10-13 21:55 - 2016-10-13 21:55 - 02468304 _____ (Logitech, Inc.) C:\WINDOWS\system32\LdaCx2.dll

FraserR

2016-11-10, 13:36

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-10 11:47 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-10 11:47 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-10 11:14 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-10 11:11 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-09 19:29 - 2014-02-26 12:16 - 00000000 __RDC C:\Users\Fraser Ross\Sync
2016-11-09 18:40 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 18:20 - 2013-12-06 12:22 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2016-11-09 18:20 - 2013-05-05 17:05 - 00000000 ___DC C:\ProgramData\WRData
2016-11-09 17:46 - 2015-07-30 17:14 - 01017038 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-09 17:39 - 2013-05-05 17:06 - 00143248 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2016-11-09 17:38 - 2016-07-16 06:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-09 15:55 - 2015-09-04 13:44 - 00000214 ____C C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-09 14:39 - 2014-05-21 14:47 - 00192216 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-08 18:02 - 2016-02-22 11:33 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-11-08 17:59 - 2015-07-30 17:18 - 00000000 _RHDC C:\Users\Public\AccountPictures
2016-11-08 17:46 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-11-08 17:46 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-11-08 17:46 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-08 17:46 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-11-08 17:45 - 2016-07-16 14:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-11-08 17:45 - 2016-07-16 11:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\setup
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-08 17:45 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-11-08 17:45 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-11-08 16:43 - 2013-07-18 11:11 - 00000000 ___DC C:\WINDOWS\system32\MRT
2016-11-08 16:42 - 2013-10-19 14:05 - 00000000 ___DC C:\ProgramData\Oracle
2016-11-08 16:38 - 2014-10-18 07:40 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-08 16:37 - 2014-12-30 11:28 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-11-08 16:37 - 2014-08-14 09:40 - 00000000 ___DC C:\Program Files (x86)\Java
2016-11-08 16:36 - 2013-05-03 14:14 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-08 15:44 - 2013-07-15 16:09 - 00000000 ___DC C:\ProgramData\MFAData
2016-11-08 13:05 - 2016-07-16 11:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-11-08 11:02 - 2016-07-16 06:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2016-11-08 10:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-07 16:07 - 2015-07-30 17:37 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2016-11-07 15:55 - 2014-01-16 11:35 - 00002496 ____C C:\WINDOWS\wininit.ini
2016-11-07 10:32 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-11-07 01:07 - 2016-07-16 11:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-11-06 18:34 - 2013-06-01 15:15 - 00000000 ___DC C:\Users\Fraser Ross\AppData\Local\Packages
2016-11-06 18:28 - 2015-08-05 11:27 - 00000568 __RSH C:\ProgramData\ntuser.pol
2016-11-06 18:11 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-11-06 18:11 - 2015-07-30 17:22 - 00002439 _____ C:\Users\Fraser Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-06 18:11 - 2015-07-30 17:22 - 00000000 __RDC C:\Users\Fraser Ross\OneDrive
2016-11-06 17:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-06 17:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Registration
2016-11-06 17:52 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-11-06 17:52 - 2015-10-30 07:24 - 00000000 ___DC C:\WINDOWS\system32\Tasks_Migrated
2016-11-06 17:50 - 2015-06-17 13:00 - 00000720 ____C C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3240783315-1213011343-4006949943-1000.job
2016-11-06 17:44 - 2013-06-01 15:02 - 00022840 ____C C:\WINDOWS\system32\emptyregdb.dat
2016-11-06 17:43 - 2016-07-16 11:47 - 00000000 __RSD C:\WINDOWS\Media
2016-11-06 17:42 - 2016-07-16 11:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-11-06 17:33 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-11-06 17:33 - 2016-07-16 08:13 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero RAD Studio 10.1 Berlin
2016-11-06 17:33 - 2016-06-03 10:42 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-11-06 17:33 - 2016-05-14 12:30 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Measurement
2016-11-06 17:33 - 2016-04-05 08:56 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 6.0
2016-11-06 17:33 - 2016-02-23 13:27 - 00000000 ___DC C:\WINDOWS\SysWOW64\PolicyDefinitions
2016-11-06 17:33 - 2016-02-23 13:27 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2016-11-06 17:33 - 2016-02-22 14:12 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
2016-11-06 17:33 - 2016-02-22 13:32 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Processor Identification Utility
2016-11-06 17:33 - 2016-02-22 12:32 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-11-06 17:33 - 2015-10-30 18:09 - 00000000 ___DC C:\WINDOWS\ShellNew
2016-11-06 17:33 - 2015-09-01 12:42 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-11-06 17:33 - 2015-08-12 11:01 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-11-06 17:33 - 2015-08-12 10:56 - 00000000 ___DC C:\WINDOWS\SysWOW64\1033
2016-11-06 17:33 - 2015-08-12 10:56 - 00000000 ___DC C:\WINDOWS\system32\1033
2016-11-06 17:33 - 2015-07-26 11:06 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft .NET Framework SDK v1.1
2016-11-06 17:33 - 2015-07-23 10:18 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2016-11-06 17:33 - 2015-07-22 13:57 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B-Link Wireless
2016-11-06 17:33 - 2015-07-08 12:58 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laplink PCmover Image Assistant
2016-11-06 17:33 - 2015-06-15 12:56 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
2016-11-06 17:33 - 2015-06-15 10:39 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager
2016-11-06 17:33 - 2015-06-03 16:46 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDE Information Utility
2016-11-06 17:33 - 2015-05-12 11:27 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Borland Developer Studio 2006
2016-11-06 17:33 - 2015-04-30 12:04 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-11-06 17:33 - 2015-04-15 14:54 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2016-11-06 17:33 - 2015-04-08 14:48 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-11-06 17:33 - 2014-12-30 11:49 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-11-06 17:33 - 2014-08-19 11:34 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE Outlook PST File Viewer
2016-11-06 17:33 - 2014-07-24 14:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartitionGuru
2016-11-06 17:33 - 2014-05-21 14:47 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-06 17:33 - 2014-03-26 17:09 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ File Recovery
2016-11-06 17:33 - 2013-11-28 18:00 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-06 17:33 - 2013-11-28 16:34 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-11-06 17:33 - 2013-08-25 17:50 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-11-06 17:33 - 2013-06-25 18:02 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ Partition Manager
2016-11-06 17:33 - 2013-06-24 17:19 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCoupe
2016-11-06 17:33 - 2013-06-15 13:45 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2016-11-06 17:33 - 2013-06-05 12:43 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerQuest Drive Image 2002
2016-11-06 17:33 - 2013-06-04 18:56 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2016-11-06 17:33 - 2013-06-04 18:12 - 00000000 ___DC C:\Users\Fraser Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graph
2016-11-06 17:33 - 2013-05-09 11:12 - 00000000 ___DC C:\Users\Fraser Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldWave
2016-11-06 17:33 - 2013-05-09 11:02 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2016-11-06 17:33 - 2013-05-09 10:48 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compare It!
2016-11-06 17:33 - 2013-05-05 17:06 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2016-11-06 17:33 - 2013-05-02 13:31 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2016-11-06 17:31 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-06 17:31 - 2015-10-30 06:28 - 00000000 ___DC C:\Users\Default.migrated
2016-11-06 17:24 - 2016-07-16 14:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-11-06 17:24 - 2016-07-16 14:14 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-11-06 17:24 - 2013-05-03 19:45 - 00000000 ___DC C:\WINDOWS\SysWOW64\x64
2016-11-06 17:23 - 2016-07-16 14:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-11-06 17:23 - 2016-07-16 14:14 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-11-06 17:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-11-06 17:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-11-06 17:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-11-06 17:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-11-06 17:23 - 2015-07-22 13:56 - 00000000 ___DC C:\WINDOWS\system32\RaLanguages
2016-11-06 17:23 - 2013-08-22 15:36 - 00000000 ___DC C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-11-06 17:23 - 2013-08-22 15:36 - 00000000 ___DC C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-11-06 17:22 - 2016-07-16 14:15 - 00000000 ____D C:\WINDOWS\OCR
2016-11-06 17:22 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\System
2016-11-06 17:22 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\schemas
2016-11-06 17:22 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-11-06 17:22 - 2013-06-02 13:13 - 00000000 ___DC C:\WINDOWS\system32\appmgmt
2016-11-06 17:21 - 2016-07-19 15:44 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leckie and Leckie Success CDs
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\IME
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Help
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-11-06 17:21 - 2016-06-07 13:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cppcheck x64 1.74
2016-11-06 17:21 - 2016-05-14 12:06 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GLPCCamera
2016-11-06 17:21 - 2016-04-05 08:58 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-11-06 17:21 - 2016-02-22 13:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2016-11-06 17:21 - 2015-08-12 11:01 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-11-06 17:21 - 2014-03-11 19:09 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
2016-11-06 17:21 - 2013-11-12 09:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2016-11-06 17:21 - 2013-09-24 16:25 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2016-11-06 17:21 - 2013-06-04 18:12 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graph
2016-11-06 17:21 - 2013-05-09 18:10 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-11-06 17:21 - 2013-05-03 19:50 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-11-06 17:21 - 2011-04-12 08:28 - 00000000 __RDC C:\Users\Public\Recorded TV
2016-11-06 17:19 - 2013-08-22 15:36 - 00000000 __HDC C:\WINDOWS\system32\GroupPolicy
2016-11-06 17:13 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-11-06 17:13 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-11-06 16:49 - 2013-04-27 22:19 - 00008192 _RSHC C:\BOOTSECT.BAK
2016-11-06 16:37 - 2015-06-17 13:00 - 00000624 ____C C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3240783315-1213011343-4006949943-1000.job
2016-11-06 12:49 - 2015-10-26 16:21 - 00000742 ____C C:\Users\Public\Desktop\CCleaner.lnk
2016-11-06 11:01 - 2016-05-01 15:43 - 00002457 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-06 10:51 - 2013-05-05 17:06 - 00184760 ____C (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2016-11-06 10:51 - 2013-05-05 17:06 - 00118384 ____C (Webroot) C:\WINDOWS\system32\WRusr.dll
2016-10-24 23:30 - 2016-07-16 11:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-24 23:30 - 2016-07-16 11:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-15 09:01 - 2013-04-27 22:19 - 00389400 __RSH C:\bootmgr
2016-10-13 21:55 - 2012-09-20 15:02 - 03942864 _____ (Logitech, Inc.) C:\WINDOWS\system32\LogiLDA.DLL

==================== Files in the root of some directories =======

2015-05-11 17:47 - 2015-05-11 17:47 - 0013030 ____C () C:\Users\Fraser Ross\AppData\Roaming\PDOXUSRS.NET
2013-06-14 12:16 - 2013-10-20 16:17 - 0241245 ____C () C:\Users\Fraser Ross\AppData\Roaming\Safer-Networking.log
2015-04-15 14:58 - 2015-04-15 14:58 - 0000000 ____C () C:\Users\Fraser Ross\AppData\Roaming\wklnhst.dat
2013-09-24 13:50 - 2013-11-03 11:10 - 0004608 ____C () C:\Users\Fraser Ross\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-12 10:45 - 2015-05-12 10:45 - 0000099 ____C () C:\Users\Fraser Ross\AppData\Local\fusioncache.dat
2013-05-04 14:44 - 2015-08-03 14:37 - 0007598 ____C () C:\Users\Fraser Ross\AppData\Local\resmon.resmoncfg
2013-12-04 19:44 - 2013-12-04 19:44 - 0214898 ____C () C:\ProgramData\1386185953.bdinstall.bin
2013-12-18 17:24 - 2013-12-18 17:24 - 0037670 ____C () C:\ProgramData\1387387460.bdinstall.bin
2013-12-18 17:28 - 2013-12-18 17:28 - 0099170 ____C () C:\ProgramData\1387387463.bdinstall.bin
2014-01-16 10:44 - 2014-01-16 10:50 - 0050560 ____C () C:\ProgramData\1389869065.1444.bin
2014-01-16 10:50 - 2014-01-16 10:50 - 0029592 ____C () C:\ProgramData\1389869065.2208.bin
2014-01-16 10:44 - 2014-01-16 10:50 - 0008459 ____C () C:\ProgramData\1389869065.2940.bin
2014-01-16 10:45 - 2014-01-16 10:50 - 0002538 ____C () C:\ProgramData\1389869065.4112.bin
2014-01-16 10:45 - 2014-01-16 10:50 - 0013719 ____C () C:\ProgramData\1389869065.5048.bin
2014-01-16 10:45 - 2014-01-16 10:50 - 0009919 ____C () C:\ProgramData\1389869065.5176.bin
2014-01-16 10:44 - 2014-01-16 10:45 - 0003305 ____C () C:\ProgramData\1389869065.5388.bin
2014-01-16 10:45 - 2014-01-16 10:50 - 0000507 ____C () C:\ProgramData\1389869065.5684.bin
2014-01-16 10:50 - 2014-01-16 10:50 - 0034522 ____C () C:\ProgramData\1389869410.bdinstall.bin
2014-01-16 10:55 - 2014-01-16 10:55 - 0048222 ____C () C:\ProgramData\1389869441.bdinstall.bin
2016-11-06 17:12 - 2016-11-06 17:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-06 17:09

==================== End of FRST.txt ============================

I could not get a log file from aswMBR because it crashed the computer.

FraserR

2016-11-10, 17:59

I have finally updated Spybot now in safe mode. I have ran it but it only found low level stuff.

tashi

2016-11-10, 18:04

Hello FraserR,

Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition helpers would think you are already being assisted because of the post count, they look for topics with a 0 response.

https://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)-Updated

You have made five posts in your new topic. :lip: I will see if I can flag a helper, meanwhile please do not add additional comments.

Thank you. :)

Juliet

2016-11-10, 23:25

Welcome

I need to ask a few questions

R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [413008 2016-08-01] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
All the above are related to Kaspersky antivirus/security suite?

And you also have Webroot Inc./Webroot AntiVirus - Internet Security ?
AVG_Antivirus_Free ?
SpyBot Antivirus?
What you need to do first is to downsize to 1 antivirus software for this machine.

~~~~

Do you connect to the internet by ProxyServer?

I see items related to a proxy but I shouldn't remove them if this is how this machine connects to the internet.
Please let me know in your next reply.

Now, when Farbar Recovery Scan Tool was first run it should had created an Addition.txt
Can you copy and paste this in your next reply please along with info on above questions.

FraserR

2016-11-11, 11:10

I don't have Kaspersky. I can't remember ever trying it. It might have been installed as part of something else. I have uninstalled AVG. My anti-malware software is Secure Anywhere, Zone Alarm, Spybot and Malwarebytes Anti-malware. All of these can coexist I would say from experience.

I don't use a proxy other than the Spybot proxy. It is not a real proxy server only an extention to the system.

Here is Addition.txt;

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Fraser Ross (10-11-2016 11:52:02)
Running from M:\Software\Farbar recovery scan tool
Windows 10 Pro Version 1607 (X64) (2016-11-06 17:59:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3240783315-1213011343-4006949943-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3240783315-1213011343-4006949943-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-3240783315-1213011343-4006949943-503 - Limited - Disabled)
Fraser Ross (S-1-5-21-3240783315-1213011343-4006949943-1000 - Administrator - Enabled) => C:\Users\Fraser Ross
Guest (S-1-5-21-3240783315-1213011343-4006949943-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3240783315-1213011343-4006949943-1009 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Spybot - Search and Destroy (Enabled - Up to date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{F11B92AF-B753-455B-BD04-898A84863B0B}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Active@ File Recovery 12 (HKLM\...\{177608F6-F029-4301-B176-15BA7C605B73}_is1) (Version: 12 - LSoft Technologies Inc)
Active@ Partition Manager 5 (HKLM\...\{FE2483C5-A90C-401D-967F-023A9C3CAAAF}_is1) (Version: 5 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AOMEI Partition Assistant Standard Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Application Verifier x64 External Package (Version: 10.1.10586.212 - Microsoft) Hidden
AX88772C_772B_772A_772 Windows 8.x Drivers [v3.16.10.0] (HKLM-x32\...\InstallShield_{64D4DE98-8A33-4ED6-BF91-B52F6358B166}) (Version: 3.0.3.0 - ASIX Electronics Corporation)
AX88772C_772B_772A_772 Windows 8.x Drivers [v3.16.10.0] (x32 Version: 3.0.3.0 - ASIX Electronics Corporation) Hidden
BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version: - InterBase Installation Info (and BDE Information Utility))
BDE_ENT (x32 Version: 5.1.1 - Borland Software Corp.) Hidden
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
B-Link Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.26.0 - B-Link)
Borland Turbo C++ (HKLM-x32\...\{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}) (Version: 10.0.3 - Borland Software Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Compare It! (HKLM-x32\...\Compare It!_is1) (Version: 4.2 - Grig Software)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cppcheck x64 1.74 (HKLM\...\{C8F47281-B55C-4F6D-BBB2-F11C76482ABD}) (Version: 1.74 - The Cppcheck team)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Drive Image (x32 Version: 6.00.000 - PowerQuest) Hidden
Eassos PartitionGuru 4.7.2 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version: - Eassos Co., Ltd.)
Elevated Installer (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FREE Outlook PST File Viewer version 2.0 (HKLM-x32\...\{FC708B30-BA65-4091-B93C-A50A367B6448}_is1) (Version: 2.0 - www.freeviewer.org)
Garmin Express (HKLM-x32\...\{3ee9d193-ab0b-47f1-a31c-cce4678679ce}) (Version: 4.0.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
GL USB2.0 UVC Camera Device (HKLM-x32\...\{9897BBD8-013A-49F3-928E-866A59B6E00C}) (Version: 14.03.11.0 - GenesysLogic)
GoldWave v5.68 (HKLM-x32\...\GoldWave v5.68) (Version: 5.68 - GoldWave Inc.)
GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version: - Ivan Johansen)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
HWiNFO64 Version 5.02 (HKLM\...\HWiNFO64_is1) (Version: 5.02 - Martin Malík - REALiX)
Intel(R) Chipset Device Software (x32 Version: 10.0.26 - Intel(R) Corporation) Hidden
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Integrator Toolkit 5 (HKLM-x32\...\{E7597FFE-2C87-4939-89E6-38EF01C247DF}) (Version: 1.0.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) SMBus (HKLM\...\SMBus) (Version: - )
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intellisense Lang Pack Mobile Extension SDK 10.0.10586.0 (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 10.1.10586.212 - Microsoft) Hidden
Laplink PCmover Image Assistant (HKLM-x32\...\{880C0A42-B220-4136-AC91-A19A6C9B17B9}) (Version: 8.20.635 - Laplink Software, Inc.)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Measurement version 2.0 (HKLM-x32\...\{D694A790-B0B4-43A3-9482-2E7AC0B95C7C}_is1) (Version: 2.0 - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework SDK (English) 1.1 (HKLM-x32\...\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}) (Version: 1.1.4322 - Microsoft)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2015 for Windows Desktop - ENU (HKLM-x32\...\{cf9e81f7-4c03-403e-92b1-93d18aa8c3a4}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Windows 10 SDK Installer (HKLM-x32\...\Microsoft Windows 10 SDK Installer) (Version: 18.0 - Embarcadero Technologies Inc.)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-GB) (HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Mozilla Firefox 48.0.2 (x86 en-GB)) (Version: 48.0.2 - Mozilla)
Mozilla Thunderbird 45.3.0 (x86 en-GB) (HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Mozilla Thunderbird 45.3.0 (x86 en-GB)) (Version: 45.3.0 - Mozilla)
MSI Development Tools (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1053.0 - Passmark Software)
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
RAD Studio 10.1 Berlin version 18.0 (HKLM-x32\...\{F4A93EC9-7AD8-4874-853D-02C09A51B141}_is1) (Version: 18.0 - Embarcadero Technologies, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Registrar Registry Manager 8.00 (HKLM\...\RegistrarHome_is1) (Version: - Resplendence Software Projects Sp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
SDK Debuggers (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SimCoupe (HKLM-x32\...\SimCoupe) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
Standard Grade English Success Guide (HKLM-x32\...\{C726D498-724F-4F86-907D-278083340CC8}) (Version: 3.0.0.0 - 3MRT)
StartW8 1.2.111.0 (HKLM-x32\...\{2FA895E0-C8CF-4216-90AB-C2E21A62BCB1}) (Version: 1.2.111.0 - SODATSW spol. s r. o.)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
UltraSearch V2.0.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.0.3 - JAM Software)
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.13.62 - Webroot)
WinAppDeploy (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows SDK AddOn (HKLM-x32\...\{75C39BA6-1D02-4BEA-844F-0EA6C4B7FA1B}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WPT Redistributables (x32 Version: 10.1.10586.212 - Microsoft) Hidden
WPTx64 (x32 Version: 10.1.10586.212 - Microsoft) Hidden
XnView 2.39 (HKLM-x32\...\XnView_is1) (Version: 2.39 - Gougelet Pierre-e)
ZoneAlarm Antivirus (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.1.057.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Fraser Ross\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0446197A-0B7A-4D11-BFEC-89B876792820} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1C4768E9-953E-470B-81D4-06316CE2FF31} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1FED9775-13FA-4DDC-8703-AAF8D49E67D7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2BDDB070-F020-49A5-9220-82D3129DFFD9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2CC84D94-3EE5-44A4-8647-B22D7F547F18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {346BF243-F675-478A-BDBD-3CFB38198A3A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {377C4ED5-B272-4657-939B-CBA97F5887EF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {47E9A61D-A100-4FCC-A76F-61C5AAAC12BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-3xd -> No File <==== ATTENTION
Task: {48595EC4-1D31-4A88-99B3-AB45CDD63EDD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {515A6BBD-898D-4C19-A593-4B849587BDD4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53959AED-D485-4CBB-ACC2-FEF27F5EE8A4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6CD94585-513A-469C-9329-02802BFDB211} - System32\Tasks\G2MUpdateTask-S-1-5-21-3240783315-1213011343-4006949943-1000 => C:\Users\Fraser Ross\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe [2016-11-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6EE898C9-D8A9-466F-9241-ED7E6FCAC876} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {727DBBF7-E3A0-4AE7-A257-B9A0A1536799} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {76150396-6FDD-45B9-9FAA-279A9BB9D189} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7617D5C2-B966-44C9-8E3A-1C529B076AA1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7B2D1CDD-9D4D-461C-8D89-240FE5D6A32E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7CB35667-A61D-40E7-BDF4-0DB532A18327} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {930F199B-1229-4FFB-B1C0-167A3C9F638B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {93D7E656-3CD3-4C3B-97A5-F4640A21D915} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C013B01-5D9E-4C9B-A0ED-6EFEEF07F9DD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9F46620C-3403-44C7-8E1C-E09133BD2476} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A75A5409-1266-4CCC-93CE-1514722F7CCF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0C1C488-F8B6-4260-B522-36FDB60D97A9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B6FE9F2A-ACA5-4ECC-B625-9DBB32EDD93C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BD8BCE79-B145-453A-98AB-33DE7536E50E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BFC18358-6B16-4810-899F-DF2DA5932BC8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C472FF2B-C064-46B1-B8F0-ED17BBBC28B8} - System32\Tasks\CCleanerSkipUAC => I:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {D09BFFB9-0840-46A4-AA20-8B126ABC634C} - System32\Tasks\{6DDCC59A-CD43-492C-AF13-CAAF0BD3C4DD} => pcalua.exe -a "F:\Program Files (x86)\Borland\BDS\4.0\Bin\bds.exe" -d "C:\Users\Fraser Ross\Desktop" -c -pCBuilder
Task: {D88F3FB4-A089-422A-B189-5C10B64AC68D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DFA8DD62-74B1-4532-B046-965AEF719A75} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {E1F2A746-33F2-4467-9BC7-5782C90C121A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {E8EC5650-8483-4716-9C6B-BE1F14AC5371} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ECAF5FA7-1443-4275-BD1E-A1401949D6B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ECD18769-71C6-4A06-819E-C2C99305EDC7} - System32\Tasks\G2MUploadTask-S-1-5-21-3240783315-1213011343-4006949943-1000 => C:\Users\Fraser Ross\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EF86434C-58BB-47B1-8E28-9E9F3C07AB7B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F40D6D82-F477-4957-AB54-77FC67BACCD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3240783315-1213011343-4006949943-1000.job => C:\Users\Fraser Ross\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3240783315-1213011343-4006949943-1000.job => C:\Users\Fraser Ross\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Fraser Ross\Desktop\CheckAll.BAT - Shortcut.lnk -> D:\CheckAll.BAT ()

ShortcutWithArgument: C:\Users\Fraser Ross\Desktop\Intel(R) Integrator Toolkit 5.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.intel.com/go/itk

==================== Loaded Modules (Whitelisted) ==============

2014-03-11 19:09 - 2011-03-15 14:18 - 00055920 _____ () C:\Program Files (x86)\VIA\RAID\vialogsv.exe
2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-11-08 17:34 - 2016-09-15 17:25 - 02681200 ____C () C:\WINDOWS\System32\CoreUIComponents.dll
2016-11-08 17:34 - 2016-09-15 17:25 - 02681200 ____C () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 17:34 - 2016-09-15 17:25 - 02681200 ____C () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-06 18:11 - 2016-11-06 18:11 - 00959168 ____C () C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 02811008 _____ () I:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2016-11-08 17:34 - 2016-09-07 04:56 - 00134656 ____C () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 17:34 - 2016-10-05 09:35 - 00474112 ____C () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-08 17:34 - 2016-10-15 03:41 - 09760256 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 17:34 - 2016-10-15 03:34 - 01401344 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 17:34 - 2016-10-15 03:34 - 00757248 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 17:34 - 2016-10-15 03:34 - 02424832 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 17:34 - 2016-10-15 03:38 - 04853760 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-20 17:14 - 2015-11-20 17:14 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-11 19:09 - 2011-03-15 14:18 - 02378352 _____ () C:\Program Files (x86)\VIA\RAID\raid_tool.exe
2015-11-03 06:42 - 2015-11-03 06:42 - 00794920 _____ () I:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2016-11-07 16:07 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-11-07 16:07 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-11-07 16:07 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-11-07 16:07 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-11 19:09 - 2011-02-14 10:42 - 00200704 _____ () C:\Program Files (x86)\VIA\RAID\drvInterface.dll
2014-03-11 19:09 - 2011-02-14 10:53 - 00581632 ____R () C:\Program Files (x86)\VIA\RAID\language.dll
2015-09-04 12:59 - 2013-05-13 14:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () I:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:3C57BFC0 [121]
AlternateDataStreams: C:\ProgramData\TEMP:6EEE61F0 [121]
AlternateDataStreams: C:\ProgramData\TEMP:753C01E7 [143]
AlternateDataStreams: C:\ProgramData\TEMP:9E00596C [264]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7916 more sites.

IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\amazon.co.uk -> hxxps://www.amazon.co.uk
IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\flightradar24.com -> hxxp://www.flightradar24.com
IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\grc.com -> hxxps://www.grc.com
IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\mathhelpforum.com -> hxxp://mathhelpforum.com
IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\spybot.info -> hxxps://forums.spybot.info
IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\sqa.org.uk -> hxxp://www.sqa.org.uk
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\123simsen.com -> www.123simsen.com

There are 7917 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 05:26 - 2016-11-07 15:55 - 00457232 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15664 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "ipTray.exe"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{DDE39860-F093-48C0-92AE-F20AE4E9293C}F:\program files (x86)\embarcadero\studio\18.0\bin\bds.exe] => (Allow) F:\program files (x86)\embarcadero\studio\18.0\bin\bds.exe
FirewallRules: [TCP Query User{94D7EFA7-7C30-41C0-A646-B034E18CCDE5}F:\program files (x86)\embarcadero\studio\18.0\bin\bds.exe] => (Allow) F:\program files (x86)\embarcadero\studio\18.0\bin\bds.exe
FirewallRules: [{69BB2A43-6432-4197-84BA-0A6D53CC67DF}] => (Allow) I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{71CE1664-5775-451E-BDEA-3165794CD998}] => (Allow) I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F48EC2A6-8641-4D65-A3E3-A7A94E9E38E6}] => (Allow) I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{60A08461-5E5D-49F6-899F-EAD93C58EAFC}] => (Allow) I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{3A86F1FA-02AA-4954-ABDC-8DDD72BF183A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{03C4DB14-47F2-4AA8-B96A-36F2BE0BCB4B}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{621C3756-B648-4EAC-B040-F1C3D66B0419}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{3CEA4340-F82C-4FA2-B5A0-208369499C82}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{1FAE52D3-36E4-4407-8F26-3BD4DDE04367}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{EA787F38-A4F2-4A92-BEDE-1C9F8BC6553A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{C420BEAD-F384-4E95-9976-654B744379C0}] => (Allow) C:\Users\Fraser Ross\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E7665847-4365-41FB-83D8-BF2BE8F04754}] => (Allow) C:\Users\Fraser Ross\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{48433FEE-4B5F-48F7-842A-88546111B894}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{6E89B0E9-370B-4874-BF47-EA4184861981}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{6B77AE7A-446E-4455-8E21-9F3D59ED4FB7}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{4472BECD-C723-4EC9-95AD-753C9284F96D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{55EC2839-BFF4-43AA-8E21-D7CE37FDDABE}I:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) I:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{592C50DC-EF56-4866-A47D-B0A6E8B2B3AF}I:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) I:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [{F010CB94-478A-41C0-86E8-DE523D3C7DBD}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{9B722DDC-F588-4389-8930-25C4A0F98814}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{A8025628-85E1-486C-B4C8-4E2A4156EC7B}F:\program files (x86)\embarcadero\studio\16.0\bin\bds.exe] => (Allow) F:\program files (x86)\embarcadero\studio\16.0\bin\bds.exe
FirewallRules: [UDP Query User{1197FF32-6D62-42A7-B594-03FC86103457}F:\program files (x86)\embarcadero\studio\16.0\bin\bds.exe] => (Allow) F:\program files (x86)\embarcadero\studio\16.0\bin\bds.exe
FirewallRules: [{DCAECFA8-378C-4D3F-A3B6-B7F810C0956E}] => (Allow) I:\Program Files (x86)\Laplink\PCmover\pcmover.exe
FirewallRules: [{E5545D88-90F9-415F-A6B6-0E0540A5C18F}] => (Allow) C:\Program Files (x86)\B-Link\Common\RaUI.exe
FirewallRules: [{095D6308-9CDF-4AF0-BDDF-F2087E2861C4}] => (Allow) C:\Program Files (x86)\B-Link\Common\RaUI.exe
FirewallRules: [{121694BF-C97A-4903-9AE9-582983BD51EB}] => (Allow) C:\Program Files (x86)\B-Link\Common\ApUI.exe
FirewallRules: [{546BA8E0-B040-4D0F-9AC3-28345CCA57C4}] => (Allow) C:\Program Files (x86)\B-Link\Common\ApUI.exe
FirewallRules: [{0221E934-7552-4A09-BF77-CA179CF70C42}] => (Allow) I:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{02133C94-EF5E-403B-BAB4-1548E9DFEE0A}] => (Allow) I:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB22DF4B-2815-4A53-888E-0DBB3092AEE6}] => (Allow) C:\Program Files (x86)\B-Link\Common\RaMediaServer.exe
FirewallRules: [{93D7A67C-BFFC-4337-9FA4-80D1EA76C875}] => (Allow) C:\Program Files (x86)\B-Link\Common\RaMediaServer.exe
FirewallRules: [{F201ED2B-46DB-4B8A-B40E-50898AEC4B2B}] => (Allow) F:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\WDExpress.exe
FirewallRules: [{EFCA261C-2C31-4FB6-84BA-C3273561C64D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{AE64BBD5-3E5D-4910-BB61-27136B21B39F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2016 11:13:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2016 11:13:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2016 11:13:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2016 11:13:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/09/2016 06:27:40 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Windows\System32\sdnclean64.exe".Error in manifest or policy file "C:\Windows\System32\sdnclean64.exe" on line 2.
The manifest file root element must be assembly.

Error: (11/09/2016 06:27:40 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.

Error: (11/09/2016 06:27:40 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.

Error: (11/09/2016 06:27:40 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.

Error: (11/09/2016 06:27:39 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDResources.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDResources.dll" on line 2.
The manifest file root element must be assembly.

Error: (11/09/2016 06:27:38 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLists.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLists.dll" on line 2.
The manifest file root element must be assembly.

System errors:
=============
Error: (11/10/2016 11:15:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/10/2016 11:15:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (11/10/2016 11:15:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/10/2016 11:15:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (11/10/2016 11:13:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2016 11:12:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StartW8Service service.

Error: (11/10/2016 11:12:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

Error: (11/10/2016 11:12:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StartW8Service service.

Error: (11/10/2016 11:12:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

Error: (11/10/2016 11:11:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StartW8Service service.

CodeIntegrity:
===================================
Date: 2016-11-10 11:53:12.148
Description: Code Integrity determined that a process (\Device\HarddiskVolume11\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-10 11:45:54.464
Description: Code Integrity determined that a process (\Device\HarddiskVolume11\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-10 11:30:54.581
Description: Code Integrity determined that a process (\Device\HarddiskVolume11\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-10 11:22:42.119
Description: Code Integrity determined that a process (\Device\HarddiskVolume11\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-10 11:17:35.648
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-10 11:17:35.641
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-09 18:59:48.273
Description: Code Integrity determined that a process (\Device\HarddiskVolume11\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-09 18:54:44.998
Description: Code Integrity determined that a process (\Device\HarddiskVolume11\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-09 18:48:38.800
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-09 18:47:46.590
Description: Code Integrity determined that a process (\Device\HarddiskVolume11\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G840 @ 2.80GHz
Percentage of memory in use: 32%
Total physical RAM: 8085 MB
Available physical RAM: 5474.54 MB
Total Virtual: 16277 MB
Available Virtual: 13506.51 MB

==================== Drives ================================

Drive c: (WINDOWS8PRO) (Fixed) (Total:74.53 GB) (Free:28.34 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (PERSONAL) (Fixed) (Total:19.08 GB) (Free:13.97 GB) NTFS
Drive e: (MS-DOS) (Fixed) (Total:0.27 GB) (Free:0.17 GB) FAT32
Drive f: (PROGRAMMING) (Fixed) (Total:56.91 GB) (Free:50.87 GB) NTFS
Drive g: (STORE) (Fixed) (Total:10.47 GB) (Free:5.69 GB) NTFS
Drive h: (SOFTWARE) (Fixed) (Total:58.6 GB) (Free:32.67 GB) NTFS
Drive i: (PROGRAM FILES) (Fixed) (Total:26.26 GB) (Free:21.06 GB) NTFS
Drive j: (BACKUP) (Fixed) (Total:53.36 GB) (Free:26.95 GB) NTFS
Drive m: (HITMANPRO) (Removable) (Total:3.72 GB) (Free:0.4 GB) NTFS
Drive w: (VIDEOS) (Fixed) (Total:40.78 GB) (Free:0.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 445FB159)
Partition 1: (Not Active) - (Size=40.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=83.2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 45FC08D3)
Partition 1: (Not Active) - (Size=26.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=206.6 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 0D061142)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 3.7 GB) (Disk ID: 22A01489)
Partition 1: (Active) - (Size=3.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Juliet

2016-11-11, 12:53

Your log shows a lot of (group) policies, did you make those settings or allow an application on the machine to set those?
I don't want to change those if it's something you allowed?

HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0

~~~~~~~~~~~~~~~`

This version of Java needs to be removed
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

~~~~

We'll take those Kaspersky files out, could be causing a little interference

Running from M:\Software\Farbar recovery scan tool

It's best we move Farbar's to desktop.
Please go to your M:\Software folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

start
CreateRestorePoint:
CloseProcesses:
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
C:\WINDOWS\System32\DRIVERS\kl1.sys
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
C:\WINDOWS\System32\DRIVERS\klelam.sys
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
C:\WINDOWS\system32\DRIVERS\klflt.sys
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [413008 2016-08-01] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
ProxyServer: [S-1-5-21-3240783315-1213011343-4006949943-1000] => localhost:21320
Toolbar: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
U3 aspnet_state; no ImagePath
U3 idsvc; no ImagePath
Task: {0446197A-0B7A-4D11-BFEC-89B876792820} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {377C4ED5-B272-4657-939B-CBA97F5887EF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {47E9A61D-A100-4FCC-A76F-61C5AAAC12BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-3xd -> No File <==== ATTENTION
Task: {7CB35667-A61D-40E7-BDF4-0DB532A18327} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9C013B01-5D9E-4C9B-A0ED-6EFEEF07F9DD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9F46620C-3403-44C7-8E1C-E09133BD2476} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B0C1C488-F8B6-4260-B522-36FDB60D97A9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B6FE9F2A-ACA5-4ECC-B625-9DBB32EDD93C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D88F3FB4-A089-422A-B189-5C10B64AC68D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E8EC5650-8483-4716-9C6B-BE1F14AC5371} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ECAF5FA7-1443-4275-BD1E-A1401949D6B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F40D6D82-F477-4957-AB54-77FC67BACCD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:3C57BFC0 [121]
AlternateDataStreams: C:\ProgramData\TEMP:6EEE61F0 [121]
AlternateDataStreams: C:\ProgramData\TEMP:753C01E7 [143]
AlternateDataStreams: C:\ProgramData\TEMP:9E00596C [264]
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
EmptyTemp:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree the Eula:
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.
~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

FraserR

2016-11-11, 13:35

I have removed Java 8 update 91. The group policies were not made by me. I don't know much about policies.

FraserR

2016-11-11, 13:59

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Fraser Ross (11-11-2016 12:39:26) Run:1
Running from C:\Users\Fraser Ross\Desktop
Loaded Profiles: Fraser Ross (Available Profiles: Fraser Ross)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
C:\WINDOWS\System32\DRIVERS\kl1.sys
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
C:\WINDOWS\System32\DRIVERS\klelam.sys
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
C:\WINDOWS\system32\DRIVERS\klflt.sys
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [413008 2016-08-01] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
ProxyServer: [S-1-5-21-3240783315-1213011343-4006949943-1000] => localhost:21320
Toolbar: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
U3 aspnet_state; no ImagePath
U3 idsvc; no ImagePath
Task: {0446197A-0B7A-4D11-BFEC-89B876792820} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {377C4ED5-B272-4657-939B-CBA97F5887EF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {47E9A61D-A100-4FCC-A76F-61C5AAAC12BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-3xd -> No File <==== ATTENTION
Task: {7CB35667-A61D-40E7-BDF4-0DB532A18327} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9C013B01-5D9E-4C9B-A0ED-6EFEEF07F9DD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9F46620C-3403-44C7-8E1C-E09133BD2476} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B0C1C488-F8B6-4260-B522-36FDB60D97A9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B6FE9F2A-ACA5-4ECC-B625-9DBB32EDD93C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D88F3FB4-A089-422A-B189-5C10B64AC68D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E8EC5650-8483-4716-9C6B-BE1F14AC5371} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ECAF5FA7-1443-4275-BD1E-A1401949D6B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F40D6D82-F477-4957-AB54-77FC67BACCD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:3C57BFC0 [121]
AlternateDataStreams: C:\ProgramData\TEMP:6EEE61F0 [121]
AlternateDataStreams: C:\ProgramData\TEMP:753C01E7 [143]
AlternateDataStreams: C:\ProgramData\TEMP:9E00596C [264]
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
EmptyTemp:
End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
KL1 => Unable to stop service.
KL1 => service removed successfully
C:\WINDOWS\System32\DRIVERS\kl1.sys => moved successfully
klelam => service removed successfully
C:\WINDOWS\System32\DRIVERS\klelam.sys => moved successfully
klflt => Unable to stop service.
klflt => service removed successfully
C:\WINDOWS\system32\DRIVERS\klflt.sys => moved successfully
klhk => Unable to stop service.
klhk => service removed successfully
KLIF => Unable to stop service.
KLIF => service could not remove
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value removed successfully
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} => value removed successfully
aspnet_state => service removed successfully
idsvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0446197A-0B7A-4D11-BFEC-89B876792820}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0446197A-0B7A-4D11-BFEC-89B876792820}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{377C4ED5-B272-4657-939B-CBA97F5887EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{377C4ED5-B272-4657-939B-CBA97F5887EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47E9A61D-A100-4FCC-A76F-61C5AAAC12BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E9A61D-A100-4FCC-A76F-61C5AAAC12BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-3xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CB35667-A61D-40E7-BDF4-0DB532A18327}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CB35667-A61D-40E7-BDF4-0DB532A18327}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C013B01-5D9E-4C9B-A0ED-6EFEEF07F9DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C013B01-5D9E-4C9B-A0ED-6EFEEF07F9DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F46620C-3403-44C7-8E1C-E09133BD2476}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F46620C-3403-44C7-8E1C-E09133BD2476}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0C1C488-F8B6-4260-B522-36FDB60D97A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0C1C488-F8B6-4260-B522-36FDB60D97A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6FE9F2A-ACA5-4ECC-B625-9DBB32EDD93C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6FE9F2A-ACA5-4ECC-B625-9DBB32EDD93C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D88F3FB4-A089-422A-B189-5C10B64AC68D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D88F3FB4-A089-422A-B189-5C10B64AC68D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8EC5650-8483-4716-9C6B-BE1F14AC5371}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8EC5650-8483-4716-9C6B-BE1F14AC5371}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECAF5FA7-1443-4275-BD1E-A1401949D6B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECAF5FA7-1443-4275-BD1E-A1401949D6B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F40D6D82-F477-4957-AB54-77FC67BACCD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F40D6D82-F477-4957-AB54-77FC67BACCD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
C:\ProgramData\TEMP => ":3C57BFC0" ADS removed successfully.
C:\ProgramData\TEMP => ":6EEE61F0" ADS removed successfully.
C:\ProgramData\TEMP => ":753C01E7" ADS removed successfully.
C:\ProgramData\TEMP => ":9E00596C" ADS removed successfully.
"HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\.exe" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 63000482 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2313 B
Edge => 0 B
Chrome => 0 B
Firefox => 8732335 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 24791225 B
NetworkService => 792 B
Fraser Ross => 18922741 B

RecycleBin => 0 B
EmptyTemp: => 110.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 12:39:58 ====

FraserR

2016-11-11, 14:58

# AdwCleaner v6.030 - Logfile created 11/11/2016 at 13:22:17
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : Fraser Ross - FROSSDESKTOP
# Running from : C:\Users\Fraser Ross\Downloads\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Fraser Ross\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\Fraser Ross\AppData\LocalLow\Check Point Software Technologies LTD
[-] Folder deleted: C:\Users\Fraser Ross\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
[!] Folder not deleted: C:\Users\Fraser Ross\Favorites\Birds

***** [ Files ] *****

[-] File deleted: C:\END

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

[!] Shortcut not disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Mount Image.lnk

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
[-] Key deleted: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\eSupport.com
[-] Key deleted: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Headlight
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\eSupport.com
[#] Key deleted on reboot: HKCU\Software\Headlight
[-] Key deleted: HKLM\SOFTWARE\PIP
[-] Key deleted: HKLM\SOFTWARE\SupDp
[#] Key deleted on reboot: HKLM\SOFTWARE\SUPDP
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com
[#] Key deleted on reboot: [x64] HKCU\Software\Headlight
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
[-] Key deleted: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F2872BFE-A208-4FD9-B4AC-B57C0068ABC9}
[-] Data restored: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F2872BFE-A208-4FD9-B4AC-B57C0068ABC9}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F2872BFE-A208-4FD9-B4AC-B57C0068ABC9}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Value deleted: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtection]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
[-] Key deleted: HKLM\SOFTWARE\Classes\c

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5234 Bytes] - [11/11/2016 13:22:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [5074 Bytes] - [08/11/2016 10:43:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [5147 Bytes] - [11/11/2016 13:16:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5453 Bytes] ##########

I am now getting pages that were previously blocked. I have not tested much yet.

FraserR

2016-11-11, 16:11

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x64
Ran by Fraser Ross (Administrator) on 11/11/2016 at 14:06:44.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 20

Successfully deleted: C:\ProgramData\1386185953.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1387387460.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1387387463.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1389869065.1444.bin (File)
Successfully deleted: C:\ProgramData\1389869065.2208.bin (File)
Successfully deleted: C:\ProgramData\1389869065.2940.bin (File)
Successfully deleted: C:\ProgramData\1389869065.4112.bin (File)
Successfully deleted: C:\ProgramData\1389869065.5048.bin (File)
Successfully deleted: C:\ProgramData\1389869065.5176.bin (File)
Successfully deleted: C:\ProgramData\1389869065.5388.bin (File)
Successfully deleted: C:\ProgramData\1389869065.5684.bin (File)
Successfully deleted: C:\ProgramData\1389869410.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1389869441.bdinstall.bin (File)
Successfully deleted: C:\Users\Fraser Ross\AppData\Roaming\Mozilla\Firefox\Profiles\k0ntdoc1.default\searchplugins\zonealarm.xml (File)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERCTRL.EXE-247CF562.pf (File)
Successfully deleted: C:\WINDOWS\SysWOW64\RENB33C.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\RENB33D.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\RENC411.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\RENC412.tmp (File)

Deleted the following from C:\Users\Fraser Ross\AppData\Roaming\Mozilla\Firefox\Profiles\k0ntdoc1.default\prefs.js
user_pref(extensions.zonealarm.kw_url, hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=13794224973f475f8661ba115960bb71&tu=10G9z00H02D33N0&sku=&tstsId=&ver=&&
user_pref(extensions.zonealarm.tlbrSrchUrl, hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=13794224973f475f8661ba115960bb71&tu=10G9z00H02D33N0&sku=&ts

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F2872BFE-A208-4FD9-B4AC-B57C0068ABC9} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/11/2016 at 15:07:15.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I will reboot now. Do you have any more suggestions?

FraserR

2016-11-11, 16:30

After rebooting I can't access the same sites again.

Juliet

2016-11-11, 20:39

let's try another scan with MalwareBytes.

Juliet

2016-11-11, 20:57

Can you temporarily disable ZoneAlarm firewall to see if it's the firewall?

Check if your Internet security software (including firewalls, antivirus programs, anti-spyware programs, and more) is blocking the connection to the Internet.
http://download.zonealarm.com/bin/inclient/ZA_HelpCenter/91591.htm

Turning the Antivirus and Anti-Spyware ON or OFF

After you install the ZoneAlarm Free Antivirus + Firewall, the Antivirus & Anti-spyware engine is ON by default.

To turn Antivirus and Anti-Spyware OFF or ON:

Open the ZoneAlarm Free Antivirus + Firewall security software client.
Click inside the ANTIVIRUS panel.

The ANTIVIRUS tab opens.
Move the ON/OFF slider to either ON or OFF position.

If the Antivirus & Anti-Spyware engine is ON, the Real-time Protection field in the ANTIVIRUS tab shows Enabled, and the main status bar shows that YOUR COMPUTER IS SECURE.

If the Antivirus & Anti-spyware engine is OFF, the Real-time Protection field in the ANTIVIRUS tab shows Disabled. The main status bar gives the warning that YOUR COMPUTER IS AT RISK and shows the Fix Now! button. If you click the Fix Now! button, the Antivirus engine turns back ON.

http://www.ehow.com/how_5089600_disable-zone-alarm.html

Now try to open a browser and go to a site of choice?

~~~

Let's see if we can get Malwarebytes Anti-Malware to update and run a fresh scan

Open Malwarebytes Anti-Malware

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

FraserR

2016-11-11, 21:20

Malwarebytes has found nothing. I haven't tried the other suggestions yet.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/11/2016
Scan Time: 20:02
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.11.08
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Fraser Ross

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344920
Time Elapsed: 13 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Juliet

2016-11-11, 21:32

temporarily try to disable ZoneAlarm firewall

FraserR

2016-11-11, 21:37

I have disabled everything and it makes no difference.

Juliet

2016-11-11, 21:59

OK

Let's see what policies are remaining.

Please run a new Farbar Recovery Scan

Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Juliet

2016-11-12, 03:07

when you ran AdwCleaner you commented: I am now getting pages that were previously blocked.
The tool will perform 'Winsock settings cleared'

See if this link on how to 'To reset Winsock in Windows 10' helps here
http://forum.thewindowsclub.com/windows-tips-tutorials-articles/35087-reset-winsock-windows-10-8-7-a.html

FraserR

2016-11-12, 11:38

I still have the problem. I have tried some of the tools in FixWin10. I am running FarBar again now. It has updated today. I tried the winsock repair commands and they were not entirely successful.

FraserR

2016-11-12, 11:47

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Fraser Ross (administrator) on FROSSDESKTOP (12-11-2016 10:37:21)
Running from C:\Users\Fraser Ross\Desktop
Loaded Profiles: Fraser Ross (Available Profiles: Fraser Ross)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(SODATSW spol. s .r.o.) C:\Program Files (x86)\StartW8\bin\StartW8Service.exe
(Check Point Software Technologies Ltd.) I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\B-Link\Common\RaRegistry.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\B-Link\Common\RaRegistry64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Check Point Software Technologies, Ltd.) I:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
() C:\Program Files (x86)\VIA\RAID\vialogsv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SODATSW spol. s r.o.) C:\Program Files (x86)\StartW8\bin\StartW8Button.exe
(SODATSW spol. s r. o.) C:\Program Files (x86)\StartW8\bin\StartW8Menu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Piriform Ltd) I:\Program Files\CCleaner\CCleaner64.exe
(Acronis) I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Program Files (x86)\VIA\RAID\raid_tool.exe
(Check Point Software Technologies Ltd.) I:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518464 2013-07-18] (Acronis)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [990464 2016-11-06] (Webroot)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7806256 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102208 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [VIARaidUtl] => C:\Program Files (x86)\VIA\RAID\raid_tool.exe [2378352 2011-03-15] ()
HKLM-x32\...\Run: [ZoneAlarm] => I:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [StartW8Button] => C:\Program Files (x86)\StartW8\bin\StartW8Button.exe [59752 2014-12-15] (SODATSW spol. s r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Run: [CCleaner Monitoring] => I:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Run: [EPSON Stylus D92 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIBZE.EXE [213504 2007-10-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\RunOnce: [Uninstall C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\RunOnce: [Uninstall C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1"
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => I:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => I:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => I:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-11-06] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0c04b21a-1379-44c0-a844-be52cec79f7e}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{23b36322-0062-43c5-8a28-e4bfaef231ad}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3e9baf75-b5ed-4662-ae47-553353b64038}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000 -> DefaultScope {F2872BFE-A208-4FD9-B4AC-B57C0068ABC9} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> I:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-11-06] (Webroot)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-08] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-11-06] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-08] (Oracle Corporation)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1408106732135
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Fraser Ross\AppData\Roaming\Mozilla\Firefox\Profiles\k0ntdoc1.default [2016-11-12]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\k0ntdoc1.default -> Search By ZoneAlarm
FF Homepage: Mozilla\Firefox\Profiles\k0ntdoc1.default -> hxxps://en.wikipedia.org/wiki/Main_Page
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> http", "localhost"
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> http_port", 21320
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> no_proxies_on", "192.168.2.1,http://www.amazon.co.uk,https://www.grc.com"
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> ssl", "localhost"
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> ssl_port", 21320
FF NetworkProxy: Mozilla\Firefox\Profiles\k0ntdoc1.default -> type", 0
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2016-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-11-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-12] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-05-18] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> I:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~3\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~4\MICROS~1\Office14\NPSPWRAP.DLL [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3240783315-1213011343-4006949943-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Fraser Ross\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-17] (Citrix Online)
StartMenuInternet: FIREFOX.EXE - I:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [713736 2015-04-23] (Garmin Ltd. or its subsidiaries)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-03-29] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\B-Link\Common\RaRegistry.exe [383280 2013-03-27] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\B-Link\Common\RaRegistry64.exe [452912 2013-02-04] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files (x86)\B-Link\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 StartW8Service; C:\Program Files (x86)\StartW8\bin\StartW8Service.exe [620392 2014-12-15] (SODATSW spol. s .r.o.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2016-03-28] (Microsoft Corporation) [File not signed]
R2 VRAID Log Service; C:\Program Files (x86)\VIA\RAID\vialogsv.exe [55920 2011-03-15] ()
R2 vsmon; I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [990464 2016-11-06] (Webroot)
R2 ZAPrivacyService; I:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [19568 2015-11-10] () [File not signed]
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [19568 2015-11-10] () [File not signed]
S3 DIRECTIO; I:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
S3 EfiInvoker; C:\Windows\SysWOW64\Drivers\invoker64.sys [13080 2013-07-02] (Windows (R) Server 2003 DDK provider)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [65576 2015-06-16] (Safer-Networking Ltd.)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1120032 2013-09-24] (Acronis International GmbH)
S3 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [198432 2013-10-28] (Acronis International GmbH)
S3 USB_Ethernet_Adaptor; C:\WINDOWS\System32\drivers\USB_Ethernet_Adaptor.sys [21504 2013-01-22] (Corechip Semiconductor, Inc. Co Ltd.)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [462296 2016-07-29] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2016-11-12] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [66328 2016-11-06] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FraserR

2016-11-12, 11:47

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-12 10:36 - 2016-11-12 10:36 - 00000000 ___DC C:\Users\Fraser Ross\Desktop\FRST-OlderVersion
2016-11-12 10:04 - 2016-11-12 10:04 - 00000000 ___DC C:\UWT
2016-11-12 08:47 - 2016-11-12 08:47 - 00106816 ____C C:\Users\Fraser Ross\Downloads\FixWin10.zip
2016-11-12 08:47 - 2016-11-12 08:47 - 00000000 ___DC C:\Users\Fraser Ross\Downloads\FixWin10
2016-11-12 08:34 - 2016-11-06 10:45 - 00066328 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2016-11-11 18:36 - 2016-11-12 10:38 - 00023621 ____C C:\Users\Fraser Ross\Desktop\FRST.txt
2016-11-11 16:36 - 2016-11-11 18:41 - 00056261 ____C C:\Users\Fraser Ross\Desktop\Addition.txt
2016-11-11 16:34 - 2016-11-11 16:36 - 00193919 ____C C:\Users\Fraser Ross\Desktop\1FRST.txt
2016-11-11 15:07 - 2016-11-11 15:07 - 00002556 ____C C:\Users\Fraser Ross\Desktop\JRT.txt
2016-11-11 12:39 - 2016-11-11 12:39 - 00011527 ____C C:\Users\Fraser Ross\Desktop\1Fixlog.txt
2016-11-11 12:36 - 2016-11-12 10:36 - 02411520 ____C (Farbar) C:\Users\Fraser Ross\Desktop\FRST64.exe
2016-11-11 11:28 - 2016-11-02 12:01 - 00484584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-11 11:28 - 2016-11-02 12:01 - 00315744 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-11 11:28 - 2016-11-02 11:22 - 01570672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-11 11:28 - 2016-11-02 11:22 - 00601712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-11 11:28 - 2016-11-02 11:20 - 00590960 ____C (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-11 11:28 - 2016-11-02 11:13 - 01883784 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-11 11:28 - 2016-11-02 11:13 - 00773720 ____C (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-11 11:28 - 2016-11-02 11:13 - 00423776 ____C (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-11 11:28 - 2016-11-02 11:12 - 02255712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-11 11:28 - 2016-11-02 11:12 - 00376672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-11 11:28 - 2016-11-02 11:12 - 00341344 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-11 11:28 - 2016-11-02 11:10 - 02323728 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-11 11:28 - 2016-11-02 11:09 - 02257104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-11 11:28 - 2016-11-02 11:08 - 00602464 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-11 11:28 - 2016-11-02 11:08 - 00576408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-11 11:28 - 2016-11-02 11:08 - 00186424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-11 11:28 - 2016-11-02 11:08 - 00111968 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-11 11:28 - 2016-11-02 11:05 - 06657176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-11 11:28 - 2016-11-02 11:05 - 03892352 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-11 11:28 - 2016-11-02 11:05 - 00959112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-11 11:28 - 2016-11-02 11:05 - 00951904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-11 11:28 - 2016-11-02 11:05 - 00405856 ____C (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-11 11:28 - 2016-11-02 11:04 - 04312248 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-11 11:28 - 2016-11-02 11:03 - 02750936 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-11 11:28 - 2016-11-02 11:03 - 00714592 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-11 11:28 - 2016-11-02 11:02 - 00682816 ____C (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-11 11:28 - 2016-11-02 11:02 - 00238056 ____C (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-11 11:28 - 2016-11-02 11:01 - 01425000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-11 11:28 - 2016-11-02 11:01 - 01415744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-11 11:28 - 2016-11-02 11:01 - 01263856 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-11 11:28 - 2016-11-02 11:01 - 00545936 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-11 11:28 - 2016-11-02 11:01 - 00276832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-11 11:28 - 2016-11-02 11:00 - 22223968 ____C (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-11 11:28 - 2016-11-02 11:00 - 08156080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-11 11:28 - 2016-11-02 11:00 - 01274712 ____C (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-11 11:28 - 2016-11-02 11:00 - 00534096 ____C (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-11 11:28 - 2016-11-02 10:59 - 04673304 ____C (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-11 11:28 - 2016-11-02 10:50 - 00034304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-11 11:28 - 2016-11-02 10:49 - 00147968 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-11 11:28 - 2016-11-02 10:49 - 00037376 ____C (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-11 11:28 - 2016-11-02 10:48 - 00095232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-11 11:28 - 2016-11-02 10:47 - 00047104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-11 11:28 - 2016-11-02 10:46 - 00065536 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-11 11:28 - 2016-11-02 10:44 - 00180224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-11 11:28 - 2016-11-02 10:44 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-11 11:28 - 2016-11-02 10:43 - 00557568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-11 11:28 - 2016-11-02 10:43 - 00270336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-11 11:28 - 2016-11-02 10:42 - 00632832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-11 11:28 - 2016-11-02 10:42 - 00506880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-11 11:28 - 2016-11-02 10:42 - 00306176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-11 11:28 - 2016-11-02 10:42 - 00223232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-11 11:28 - 2016-11-02 10:40 - 00896512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-11 11:28 - 2016-11-02 10:40 - 00198656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-11 11:28 - 2016-11-02 10:39 - 00465920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-11 11:28 - 2016-11-02 10:39 - 00348672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-11 11:28 - 2016-11-02 10:39 - 00236544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-11 11:28 - 2016-11-02 10:38 - 22563840 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-11 11:28 - 2016-11-02 10:38 - 00760832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-11 11:28 - 2016-11-02 10:37 - 19415040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-11 11:28 - 2016-11-02 10:37 - 00299008 ____C (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2016-11-11 11:28 - 2016-11-02 10:36 - 19415552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-11 11:28 - 2016-11-02 10:36 - 07626752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-11 11:28 - 2016-11-02 10:36 - 00415744 ____C (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2016-11-11 11:28 - 2016-11-02 10:34 - 00043008 ____C (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-11 11:28 - 2016-11-02 10:33 - 12349952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-11 11:28 - 2016-11-02 10:33 - 03307520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-11 11:28 - 2016-11-02 10:32 - 00040448 ____C (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-11 11:28 - 2016-11-02 10:31 - 03196416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-11 11:28 - 2016-11-02 10:31 - 01228288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-11 11:28 - 2016-11-02 10:31 - 00226304 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-11 11:28 - 2016-11-02 10:31 - 00159232 ____C (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-11 11:28 - 2016-11-02 10:31 - 00115712 ____C (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-11 11:28 - 2016-11-02 10:31 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-11 11:28 - 2016-11-02 10:31 - 00090624 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-11 11:28 - 2016-11-02 10:30 - 12175360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-11 11:28 - 2016-11-02 10:30 - 09131008 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-11 11:28 - 2016-11-02 10:30 - 00567296 ____C (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-11 11:28 - 2016-11-02 10:30 - 00363520 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-11 11:28 - 2016-11-02 10:30 - 00321536 ____C (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-11 11:28 - 2016-11-02 10:30 - 00109056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-11 11:28 - 2016-11-02 10:30 - 00058880 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-11 11:28 - 2016-11-02 10:29 - 07469056 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-11 11:28 - 2016-11-02 10:29 - 03666432 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-11 11:28 - 2016-11-02 10:29 - 01247232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-11 11:28 - 2016-11-02 10:29 - 00884224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-11 11:28 - 2016-11-02 10:29 - 00336896 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-11 11:28 - 2016-11-02 10:29 - 00314880 ____C (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-11 11:28 - 2016-11-02 10:29 - 00296960 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-11 11:28 - 2016-11-02 10:29 - 00122368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 06044160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 04423680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00807424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00690176 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00566784 ____C (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00432128 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00411136 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00279552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00274432 ____C (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00252928 ____C (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00240640 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00115200 ____C (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00109568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-11 11:28 - 2016-11-02 10:28 - 00079360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-11 11:28 - 2016-11-02 10:27 - 23677952 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-11 11:28 - 2016-11-02 10:27 - 02458112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-11 11:28 - 2016-11-02 10:27 - 01388544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-11 11:28 - 2016-11-02 10:27 - 00631296 ____C (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-11 11:28 - 2016-11-02 10:27 - 00605184 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-11 11:28 - 2016-11-02 10:27 - 00580608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-11 11:28 - 2016-11-02 10:27 - 00545792 ____C (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-11 11:28 - 2016-11-02 10:27 - 00495104 ____C (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-11 11:28 - 2016-11-02 10:27 - 00422400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-11 11:28 - 2016-11-02 10:27 - 00261632 ____C (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-11 11:28 - 2016-11-02 10:26 - 02747392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-11 11:28 - 2016-11-02 10:26 - 02484736 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-11 11:28 - 2016-11-02 10:26 - 01509376 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-11 11:28 - 2016-11-02 10:26 - 00912896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-11 11:28 - 2016-11-02 10:26 - 00712192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-11 11:28 - 2016-11-02 10:26 - 00579072 ____C (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-11 11:28 - 2016-11-02 10:26 - 00388608 ____C (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-11 11:28 - 2016-11-02 10:26 - 00358912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-11 11:28 - 2016-11-02 10:26 - 00278016 ____C (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-11 11:28 - 2016-11-02 10:26 - 00049152 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-11 11:28 - 2016-11-02 10:25 - 02998272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-11 11:28 - 2016-11-02 10:25 - 01556480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-11 11:28 - 2016-11-02 10:25 - 00956416 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-11 11:28 - 2016-11-02 10:25 - 00655872 ____C (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-11 11:28 - 2016-11-02 10:25 - 00496128 ____C (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-11 11:28 - 2016-11-02 10:24 - 00940032 ____C (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-11 11:28 - 2016-11-02 10:23 - 03106304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-11 11:28 - 2016-11-02 10:23 - 02104320 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-11 11:28 - 2016-11-02 10:23 - 00101888 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-11 11:28 - 2016-11-02 10:23 - 00072704 ____C (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-11 11:28 - 2016-11-02 10:22 - 13441024 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-11 11:28 - 2016-11-02 10:22 - 13081600 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-11 11:28 - 2016-11-02 10:22 - 04749312 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-11 11:28 - 2016-11-02 10:22 - 00369664 ____C (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-11 11:28 - 2016-11-02 10:22 - 00337920 ____C (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-11 11:28 - 2016-11-02 10:21 - 05111296 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-11 11:28 - 2016-11-02 10:21 - 00942080 ____C (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-11 11:28 - 2016-11-02 10:20 - 02273792 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-11 11:28 - 2016-11-02 10:19 - 08127488 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-11 11:28 - 2016-11-02 10:19 - 08075776 ____C (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-11 11:28 - 2016-11-02 10:19 - 01586176 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-11 11:28 - 2016-11-02 10:19 - 00981504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-11 11:28 - 2016-11-02 10:19 - 00805888 ____C (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-11 11:28 - 2016-11-02 10:19 - 00154112 ____C (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-11 11:28 - 2016-11-02 10:19 - 00130560 ____C (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-11 11:28 - 2016-11-02 10:19 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-11 11:28 - 2016-11-02 10:18 - 01690112 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-11 11:28 - 2016-11-02 10:18 - 00991232 ____C (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-11 11:28 - 2016-11-02 10:18 - 00836608 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-11 11:28 - 2016-11-02 10:18 - 00779776 ____C (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-11-11 11:28 - 2016-11-02 10:17 - 04746752 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-11 11:28 - 2016-11-02 10:17 - 01282048 ____C (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-11 11:28 - 2016-11-02 10:17 - 00982528 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-11 11:28 - 2016-11-02 10:17 - 00909824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-11 11:28 - 2016-11-02 10:17 - 00828416 ____C (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-11 11:28 - 2016-11-02 10:17 - 00389632 ____C (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 03400192 ____C (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 03133440 ____C (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 02688512 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 02669056 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 02512384 ____C (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 01779712 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 01637888 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 01359360 ____C (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 00881664 ____C (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 00770560 ____C (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 00629248 ____C (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 00579072 ____C (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 00308736 ____C (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-11 11:28 - 2016-11-02 10:15 - 04708864 ____C (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-11 11:28 - 2016-11-02 10:15 - 02611200 ____C (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-11 11:28 - 2016-11-02 10:15 - 01513472 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-11 11:28 - 2016-11-02 10:15 - 01348608 ____C (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-11 11:28 - 2016-11-02 10:15 - 00483328 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-11 11:28 - 2016-11-02 10:14 - 01726976 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-11 11:28 - 2016-11-02 10:13 - 03496960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-11 11:28 - 2016-11-02 10:13 - 03299840 ____C (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-11 11:28 - 2016-11-02 08:20 - 00446896 ____C C:\WINDOWS\system32\ApnDatabase.xml
2016-11-11 11:27 - 2016-11-02 11:20 - 00378720 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-11 11:27 - 2016-11-02 11:15 - 01051112 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-11 11:27 - 2016-11-02 11:15 - 00894096 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-11 11:27 - 2016-11-02 11:14 - 07816544 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-11 11:27 - 2016-11-02 11:13 - 01354320 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-11 11:27 - 2016-11-02 11:13 - 01173496 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-11 11:27 - 2016-11-02 11:05 - 20969928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-11 11:27 - 2016-11-02 11:04 - 02678056 ____C (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-11 11:27 - 2016-11-02 11:04 - 00596832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-11 11:27 - 2016-11-02 11:02 - 00848736 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-11 11:27 - 2016-11-02 11:02 - 00148832 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-11 11:27 - 2016-11-02 11:01 - 00092512 ____C (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-11 11:27 - 2016-11-02 11:00 - 04130432 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-11 11:27 - 2016-11-02 11:00 - 01061968 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-11 11:27 - 2016-11-02 10:56 - 01609920 ____C (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-11 11:27 - 2016-11-02 10:56 - 01572768 ____C (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-11 11:27 - 2016-11-02 10:56 - 01418312 ____C (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-11 11:27 - 2016-11-02 10:56 - 00628552 ____C (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-11 11:27 - 2016-11-02 10:56 - 00322912 ____C (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-11 11:27 - 2016-11-02 10:55 - 00048992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-11 11:27 - 2016-11-02 10:48 - 00081408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-11 11:27 - 2016-11-02 10:48 - 00032768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-11 11:27 - 2016-11-02 10:47 - 00285184 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-11 11:27 - 2016-11-02 10:47 - 00156672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-11 11:27 - 2016-11-02 10:46 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-11 11:27 - 2016-11-02 10:45 - 00492032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-11 11:27 - 2016-11-02 10:45 - 00253952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-11 11:27 - 2016-11-02 10:45 - 00182784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-11 11:27 - 2016-11-02 10:44 - 00231936 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-11 11:27 - 2016-11-02 10:43 - 00731136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-11 11:27 - 2016-11-02 10:43 - 00198144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-11 11:27 - 2016-11-02 10:43 - 00126464 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-11 11:27 - 2016-11-02 10:42 - 00866816 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-11 11:27 - 2016-11-02 10:42 - 00549376 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-11 11:27 - 2016-11-02 10:42 - 00202752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-11 11:27 - 2016-11-02 10:41 - 00635904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-11 11:27 - 2016-11-02 10:40 - 00548352 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-11 11:27 - 2016-11-02 10:36 - 00063488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-11 11:27 - 2016-11-02 10:35 - 00336896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-11 11:27 - 2016-11-02 10:34 - 00327168 ____C (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-11 11:27 - 2016-11-02 10:33 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-11 11:27 - 2016-11-02 10:32 - 00045056 ____C (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-11 11:27 - 2016-11-02 10:31 - 00198656 ____C (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-11 11:27 - 2016-11-02 10:31 - 00170496 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-11 11:27 - 2016-11-02 10:31 - 00069632 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-11 11:27 - 2016-11-02 10:30 - 00635904 ____C (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-11 11:27 - 2016-11-02 10:30 - 00134144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-11 11:27 - 2016-11-02 10:29 - 00418304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-11 11:27 - 2016-11-02 10:29 - 00276992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-11 11:27 - 2016-11-02 10:29 - 00211968 ____C (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-11 11:27 - 2016-11-02 10:29 - 00139264 ____C (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-11 11:27 - 2016-11-02 10:28 - 00748544 ____C (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-11 11:27 - 2016-11-02 10:28 - 00321024 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-11 11:27 - 2016-11-02 10:28 - 00260608 ____C (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-11 11:27 - 2016-11-02 10:28 - 00088576 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-11 11:27 - 2016-11-02 10:26 - 01880576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-11 11:27 - 2016-11-02 10:26 - 01595392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-11 11:27 - 2016-11-02 10:26 - 00798208 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-11 11:27 - 2016-11-02 10:26 - 00273920 ____C (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-11 11:27 - 2016-11-02 10:25 - 02256384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-11 11:27 - 2016-11-02 10:25 - 00772608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-11 11:27 - 2016-11-02 10:25 - 00541696 ____C (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-11 11:27 - 2016-11-02 10:24 - 03778560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-11 11:27 - 2016-11-02 10:23 - 02356736 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-11 11:27 - 2016-11-02 10:23 - 00199680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-11 11:27 - 2016-11-02 10:20 - 00167936 ____C (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-11 11:27 - 2016-11-02 10:18 - 00243712 ____C (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-11 11:27 - 2016-11-02 10:16 - 04148736 ____C (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-11 11:27 - 2016-11-02 10:16 - 01490944 ____C (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-11 11:27 - 2016-11-02 10:16 - 00265728 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-11 11:27 - 2016-11-02 10:15 - 03616768 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-11 11:27 - 2016-11-02 10:15 - 00842240 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-11 11:27 - 2016-11-02 10:13 - 00322048 ____C (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-11 11:27 - 2016-11-02 09:11 - 00788624 ____C C:\WINDOWS\SysWOW64\locale.nls
2016-11-11 11:27 - 2016-11-02 09:11 - 00788624 ____C C:\WINDOWS\system32\locale.nls
2016-11-11 11:27 - 2016-08-02 04:30 - 00822784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-10 11:47 - 2016-11-12 10:37 - 00000000 ___DC C:\FRST
2016-11-09 18:19 - 2016-11-09 18:19 - 05383592 _____ (Gougelet Pierre-e ) C:\Users\Fraser Ross\Downloads\XnView-win.exe
2016-11-09 15:07 - 2016-11-09 15:07 - 00000000 ____D C:\WINDOWS\Panther
2016-11-08 17:34 - 2016-10-15 04:48 - 00498952 ____C (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-11-08 17:34 - 2016-10-15 04:37 - 00063328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-11-08 17:34 - 2016-10-15 04:33 - 00455040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 01990648 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 01472536 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 00811416 ____C (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-11-08 17:34 - 2016-10-15 04:26 - 00691080 ____C (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-11-08 17:34 - 2016-10-15 04:22 - 01461200 ____C (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-11-08 17:34 - 2016-10-15 04:18 - 00749920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-11-08 17:34 - 2016-10-15 04:15 - 01557808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-11-08 17:34 - 2016-10-15 04:01 - 01631232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-11-08 17:34 - 2016-10-15 03:57 - 00186880 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-11-08 17:34 - 2016-10-15 03:56 - 00095232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-11-08 17:34 - 2016-10-15 03:56 - 00081408 ____C (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-11-08 17:34 - 2016-10-15 03:55 - 00236544 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-11-08 17:34 - 2016-10-15 03:54 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-11-08 17:34 - 2016-10-15 03:53 - 00147456 ____C (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-11-08 17:34 - 2016-10-15 03:52 - 06285312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-11-08 17:34 - 2016-10-15 03:50 - 17188352 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-11-08 17:34 - 2016-10-15 03:50 - 00509440 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-11-08 17:34 - 2016-10-15 03:49 - 00187904 ____C (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-11-08 17:34 - 2016-10-15 03:48 - 01323008 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-11-08 17:34 - 2016-10-15 03:47 - 01113600 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-11-08 17:34 - 2016-10-15 03:47 - 00558080 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-11-08 17:34 - 2016-10-15 03:46 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-11-08 17:34 - 2016-10-15 03:45 - 00406016 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-11-08 17:34 - 2016-10-15 03:44 - 00747008 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-11-08 17:34 - 2016-10-15 03:44 - 00470016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-11-08 17:34 - 2016-10-15 03:43 - 00574976 ____C (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-11-08 17:34 - 2016-10-15 03:42 - 00539136 ____C (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-11-08 17:34 - 2016-10-15 03:42 - 00459776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-11-08 17:34 - 2016-10-15 03:41 - 00067584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-11-08 17:34 - 2016-10-15 03:38 - 01993216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-11-08 17:34 - 2016-10-15 03:38 - 00913920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-11-08 17:34 - 2016-10-15 03:37 - 01643008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-11-08 17:34 - 2016-10-15 03:36 - 02290176 ____C (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-11-08 17:34 - 2016-10-15 03:35 - 00701952 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-11-08 17:34 - 2016-10-15 03:31 - 00227328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-11-08 17:34 - 2016-10-05 10:33 - 00128864 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-11-08 17:34 - 2016-10-05 10:31 - 02213248 ____C (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-11-08 17:34 - 2016-10-05 10:13 - 01859264 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-11-08 17:34 - 2016-10-05 10:09 - 01071728 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-11-08 17:34 - 2016-10-05 10:09 - 00064352 ____C (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-11-08 17:34 - 2016-10-05 10:03 - 01705976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-11-08 17:34 - 2016-10-05 09:51 - 01430720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-11-08 17:34 - 2016-10-05 09:34 - 00144896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-11-08 17:34 - 2016-10-05 09:32 - 00379904 ____C (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-11-08 17:34 - 2016-10-05 09:25 - 01589248 ____C (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-11-08 17:34 - 2016-10-05 09:23 - 01908224 ____C (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-11-08 17:34 - 2016-10-05 09:23 - 00284672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-11-08 17:34 - 2016-10-05 09:23 - 00125952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-11-08 17:34 - 2016-10-05 09:18 - 01656832 ____C (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-11-08 17:34 - 2016-10-05 09:18 - 00983040 ____C (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-11-08 17:34 - 2016-10-05 09:18 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-11-08 17:34 - 2016-10-05 09:17 - 04136960 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-11-08 17:34 - 2016-10-05 09:16 - 00765440 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-11-08 17:34 - 2016-10-05 09:15 - 00774656 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-11-08 17:34 - 2016-10-05 09:14 - 01456640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-11-08 17:34 - 2016-10-05 09:13 - 01328128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-11-08 17:34 - 2016-10-05 09:13 - 00055808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-11-08 17:34 - 2016-10-05 09:12 - 00998912 ____C (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-11-08 17:34 - 2016-10-05 09:12 - 00924672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-11-08 17:34 - 2016-10-05 09:09 - 00691712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-11-08 17:34 - 2016-09-15 17:29 - 00823136 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2016-11-08 17:34 - 2016-09-15 17:29 - 00704352 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2016-11-08 17:34 - 2016-09-15 17:29 - 00603488 ____C (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-11-08 17:34 - 2016-09-15 17:29 - 00218008 ____C (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-11-08 17:34 - 2016-09-15 17:29 - 00169056 ____C (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2016-11-08 17:34 - 2016-09-15 17:29 - 00127328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys
2016-11-08 17:34 - 2016-09-15 17:29 - 00074080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-11-08 17:34 - 2016-09-15 17:29 - 00023392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-11-08 17:34 - 2016-09-15 17:27 - 00434528 ____C (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-11-08 17:34 - 2016-09-15 17:27 - 00128352 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-11-08 17:34 - 2016-09-15 17:25 - 02681200 ____C C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 17:34 - 2016-09-15 17:25 - 00280472 ____C (Microsoft Corporation) C:\WINDOWS\system32\bdeunlock.exe
2016-11-08 17:34 - 2016-09-15 17:25 - 00262960 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-11-08 17:34 - 2016-09-15 17:24 - 00764936 ____C (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-11-08 17:34 - 2016-09-15 17:22 - 05722320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-11-08 17:34 - 2016-09-15 17:22 - 00975744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2016-11-08 17:34 - 2016-09-15 17:22 - 00860512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-11-08 17:34 - 2016-09-15 17:21 - 01000288 ____C (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-11-08 17:34 - 2016-09-15 17:16 - 07219672 ____C (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-11-08 17:34 - 2016-09-15 17:16 - 01292640 ____C (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-11-08 17:34 - 2016-09-15 17:15 - 00223584 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-11-08 17:34 - 2016-09-15 17:14 - 00435040 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-11-08 17:34 - 2016-09-15 17:11 - 01300600 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-11-08 17:34 - 2016-09-15 17:11 - 00862064 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-11-08 17:34 - 2016-09-15 17:11 - 00725664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2016-11-08 17:34 - 2016-09-15 17:07 - 00128864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-11-08 17:34 - 2016-09-15 16:58 - 00248832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2016-11-08 17:34 - 2016-09-15 16:57 - 00374784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2016-11-08 17:34 - 2016-09-15 16:57 - 00237056 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2016-11-08 17:34 - 2016-09-15 16:56 - 00298496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-11-08 17:34 - 2016-09-15 16:56 - 00262656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-11-08 17:34 - 2016-09-15 16:56 - 00257536 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DataExchange.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00455168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00332288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00325120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00213504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00152064 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2016-11-08 17:34 - 2016-09-15 16:55 - 00114176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-11-08 17:34 - 2016-09-15 16:54 - 00747520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2016-11-08 17:34 - 2016-09-15 16:54 - 00498688 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2016-11-08 17:34 - 2016-09-15 16:54 - 00431104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2016-11-08 17:34 - 2016-09-15 16:53 - 00340480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-11-08 17:34 - 2016-09-15 16:52 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-11-08 17:34 - 2016-09-15 16:51 - 00288256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2016-11-08 17:34 - 2016-09-15 16:49 - 00901120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-11-08 17:34 - 2016-09-15 16:49 - 00653312 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-11-08 17:34 - 2016-09-15 16:47 - 00366080 ____C (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-11-08 17:34 - 2016-09-15 16:43 - 03520512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2016-11-08 17:34 - 2016-09-15 16:42 - 00719872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
2016-11-08 17:34 - 2016-09-15 16:42 - 00545792 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-11-08 17:34 - 2016-09-15 16:42 - 00049664 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll
2016-11-08 17:34 - 2016-09-15 16:41 - 00051200 ____C (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2016-11-08 17:34 - 2016-09-15 16:40 - 02026496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-11-08 17:34 - 2016-09-15 16:40 - 00395264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-11-08 17:34 - 2016-09-15 16:40 - 00140800 ____C (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2016-11-08 17:34 - 2016-09-15 16:40 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-11-08 17:34 - 2016-09-15 16:39 - 02740224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-11-08 17:34 - 2016-09-15 16:39 - 00827904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-11-08 17:34 - 2016-09-15 16:39 - 00408576 ____C (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-11-08 17:34 - 2016-09-15 16:39 - 00368640 ____C (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2016-11-08 17:34 - 2016-09-15 16:39 - 00295936 ____C (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00691200 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00671232 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkCollectionAgent.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00654336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00427008 ____C (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00349696 ____C (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00343552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2016-11-08 17:34 - 2016-09-15 16:38 - 00171520 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2016-11-08 17:34 - 2016-09-15 16:37 - 01507840 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2016-11-08 17:34 - 2016-09-15 16:37 - 00680448 ____C (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2016-11-08 17:34 - 2016-09-15 16:37 - 00296448 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlancfg.dll
2016-11-08 17:34 - 2016-09-15 16:37 - 00171520 ____C (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2016-11-08 17:34 - 2016-09-15 16:36 - 00719360 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-11-08 17:34 - 2016-09-15 16:36 - 00686592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2016-11-08 17:34 - 2016-09-15 16:36 - 00640000 ____C (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-11-08 17:34 - 2016-09-15 16:36 - 00456192 ____C (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-11-08 17:34 - 2016-09-15 16:36 - 00448512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2016-11-08 17:34 - 2016-09-15 16:36 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-11-08 17:34 - 2016-09-15 16:36 - 00324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-11-08 17:34 - 2016-09-15 16:35 - 00496128 ____C (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2016-11-08 17:34 - 2016-09-15 16:35 - 00337408 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2016-11-08 17:34 - 2016-09-15 16:35 - 00305152 ____C (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2016-11-08 17:34 - 2016-09-15 16:34 - 00642048 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-11-08 17:34 - 2016-09-15 16:34 - 00441856 ____C (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-11-08 17:34 - 2016-09-15 16:33 - 01004032 ____C (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-11-08 17:34 - 2016-09-15 16:33 - 00963584 ____C (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-11-08 17:34 - 2016-09-15 16:32 - 01037312 ____C (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2016-11-08 17:34 - 2016-09-15 16:31 - 00090624 ____C (Microsoft Corporation) C:\WINDOWS\system32\pwrshplugin.dll
2016-11-08 17:34 - 2016-09-15 16:30 - 01639424 ____C (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-11-08 17:34 - 2016-09-15 16:30 - 01403392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-11-08 17:34 - 2016-09-15 16:29 - 00156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2016-11-08 17:34 - 2016-09-15 16:27 - 01078784 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-11-08 17:34 - 2016-09-15 16:27 - 00796672 ____C (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-11-08 17:34 - 2016-09-15 16:27 - 00627200 ____C (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2016-11-08 17:34 - 2016-09-15 16:26 - 00279552 ____C (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-11-08 17:34 - 2016-09-15 16:25 - 01217024 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-11-08 17:34 - 2016-09-15 16:25 - 00411648 ____C (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-11-08 17:34 - 2016-09-15 16:24 - 04596224 ____C (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2016-11-08 17:34 - 2016-09-15 16:23 - 01361408 ____C (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-11-08 17:34 - 2016-09-15 16:23 - 01040896 ____C (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2016-11-08 17:34 - 2016-09-15 16:23 - 00650752 ____C (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-11-08 17:34 - 2016-09-15 16:23 - 00611328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-11-08 17:34 - 2016-09-15 16:23 - 00347648 ____C (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-11-08 17:34 - 2016-09-15 16:20 - 02095616 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-11-08 17:34 - 2016-09-15 16:19 - 01424896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2016-11-08 17:34 - 2016-09-15 16:18 - 01369088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2016-11-08 17:34 - 2016-09-10 13:21 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-11-08 17:34 - 2016-09-07 05:48 - 00379744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-11-08 17:34 - 2016-09-07 05:44 - 02049480 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-11-08 17:34 - 2016-09-07 05:33 - 00450392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-11-08 17:34 - 2016-09-07 05:29 - 00595488 ____C (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-11-08 17:34 - 2016-09-07 05:29 - 00523712 ____C (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2016-11-08 17:34 - 2016-09-07 05:27 - 01362504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2016-11-08 17:34 - 2016-09-07 05:13 - 00640976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-11-08 17:34 - 2016-09-07 05:12 - 00321792 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-11-08 17:34 - 2016-09-07 04:58 - 00208896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2016-11-08 17:34 - 2016-09-07 04:56 - 00223744 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-11-08 17:34 - 2016-09-07 04:55 - 00781824 ____C (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-11-08 17:34 - 2016-09-07 04:54 - 00678912 ____C (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-11-08 17:34 - 2016-09-07 04:54 - 00468992 ____C (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-11-08 17:34 - 2016-09-07 04:54 - 00461312 ____C (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-11-08 17:34 - 2016-09-07 04:50 - 01755136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-11-08 17:34 - 2016-09-07 04:46 - 00846336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2016-11-08 17:34 - 2016-09-07 04:46 - 00755200 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-11-08 17:34 - 2016-09-07 04:41 - 01891328 ____C (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-11-08 17:34 - 2016-09-07 04:40 - 01312768 ____C (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2016-11-08 17:34 - 2016-09-07 04:38 - 01555456 ____C (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-11-08 17:34 - 2016-09-07 04:37 - 02370048 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-11-08 17:34 - 2016-09-07 04:37 - 00540160 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-11-08 17:34 - 2016-09-07 04:33 - 00058368 ____C (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-11-08 17:34 - 2016-09-07 04:31 - 01293312 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-11-08 17:34 - 2016-08-27 05:12 - 00244816 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-11-08 17:34 - 2016-08-20 06:06 - 00108384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-11-08 17:34 - 2016-08-20 05:20 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-11-08 17:34 - 2016-08-20 05:17 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-11-08 17:34 - 2016-08-20 05:11 - 00410624 ____C (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-11-08 17:34 - 2016-08-20 05:08 - 00204288 ____C (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-11-08 17:34 - 2016-08-20 05:06 - 00389632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-11-08 17:34 - 2016-08-06 04:13 - 01847048 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-11-08 17:34 - 2016-08-06 04:13 - 01453992 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-11-08 17:34 - 2016-08-06 04:13 - 00044472 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-11-08 17:34 - 2016-08-06 04:08 - 00313560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-11-08 17:34 - 2016-08-06 03:48 - 00015360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-11-08 17:34 - 2016-08-06 03:47 - 00034304 ____C (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-11-08 17:34 - 2016-08-06 03:45 - 00066560 ____C (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-11-08 17:34 - 2016-08-06 03:45 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-11-08 17:34 - 2016-08-06 03:45 - 00029696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-11-08 17:34 - 2016-08-06 03:45 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-11-08 17:34 - 2016-08-06 03:44 - 00061440 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-11-08 17:34 - 2016-08-06 03:43 - 00280064 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-11-08 17:34 - 2016-08-06 03:41 - 00243712 ____C (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-11-08 17:34 - 2016-08-06 03:41 - 00231424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-11-08 17:34 - 2016-08-06 03:40 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-11-08 17:34 - 2016-08-06 03:39 - 00181760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-11-08 17:34 - 2016-08-06 03:37 - 00253952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-11-08 17:34 - 2016-08-06 03:35 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-11-08 17:34 - 2016-08-02 08:44 - 00114192 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-11-08 17:34 - 2016-08-02 08:14 - 00289792 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 02186896 ____C (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 01637728 ____C (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 01235296 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00595296 ____C (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00584032 ____C (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00322912 ____C (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00232800 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00137568 ____C (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-11-08 17:33 - 2016-10-15 04:51 - 00078688 ____C (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-11-08 17:33 - 2016-10-15 04:43 - 01356352 ____C (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-11-08 17:33 - 2016-10-15 04:41 - 05622088 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-11-08 17:33 - 2016-10-15 04:38 - 00500064 ____C (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-11-08 17:33 - 2016-10-15 04:34 - 01969912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-11-08 17:33 - 2016-10-15 04:31 - 02827864 ____C (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-11-08 17:33 - 2016-10-15 04:30 - 00509280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-11-08 17:33 - 2016-10-15 04:30 - 00341936 ____C (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-11-08 17:33 - 2016-10-15 04:29 - 02913104 ____C (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-11-08 17:33 - 2016-10-15 04:29 - 00908640 ____C (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-11-08 17:33 - 2016-10-15 04:29 - 00079200 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-11-08 17:33 - 2016-10-15 04:26 - 01600632 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-11-08 17:33 - 2016-10-15 04:21 - 00292872 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-11-08 17:33 - 2016-10-15 04:10 - 00254656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-11-08 17:33 - 2016-10-15 04:06 - 05685760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-11-08 17:33 - 2016-10-15 04:05 - 07216640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-11-08 17:33 - 2016-10-15 04:00 - 01631232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-11-08 17:33 - 2016-10-15 04:00 - 00048640 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-11-08 17:33 - 2016-10-15 04:00 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-11-08 17:33 - 2016-10-15 03:59 - 00272384 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-11-08 17:33 - 2016-10-15 03:59 - 00187904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-11-08 17:33 - 2016-10-15 03:59 - 00130560 ____C (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-11-08 17:33 - 2016-10-15 03:58 - 00258560 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-11-08 17:33 - 2016-10-15 03:57 - 00217600 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-11-08 17:33 - 2016-10-15 03:57 - 00175104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-11-08 17:33 - 2016-10-15 03:56 - 00339968 ____C (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-11-08 17:33 - 2016-10-15 03:56 - 00306688 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-11-08 17:33 - 2016-10-15 03:56 - 00065024 ____C (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-11-08 17:33 - 2016-10-15 03:55 - 00126464 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-11-08 17:33 - 2016-10-15 03:54 - 00717312 ____C (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-11-08 17:33 - 2016-10-15 03:54 - 00217088 ____C (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-11-08 17:33 - 2016-10-15 03:54 - 00102912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-11-08 17:33 - 2016-10-15 03:52 - 00163328 ____C (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-11-08 17:33 - 2016-10-15 03:51 - 13868544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-11-08 17:33 - 2016-10-15 03:50 - 02716672 ____C (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-11-08 17:33 - 2016-10-15 03:50 - 00090112 ____C (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-11-08 17:33 - 2016-10-15 03:50 - 00074752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-11-08 17:33 - 2016-10-15 03:49 - 01913344 ____C (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-11-08 17:33 - 2016-10-15 03:49 - 00838144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-11-08 17:33 - 2016-10-15 03:49 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-11-08 17:33 - 2016-10-15 03:48 - 01554944 ____C (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-11-08 17:33 - 2016-10-15 03:48 - 01054208 ____C (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-11-08 17:33 - 2016-10-15 03:47 - 07792640 ____C (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-11-08 17:33 - 2016-10-15 03:46 - 03287552 ____C (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-11-08 17:33 - 2016-10-15 03:44 - 00090112 ____C (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-11-08 17:33 - 2016-10-15 03:43 - 02748928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-11-08 17:33 - 2016-10-15 03:43 - 00078336 ____C (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-11-08 17:33 - 2016-10-15 03:42 - 06108672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-11-08 17:33 - 2016-10-15 03:41 - 07654912 ____C (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-11-08 17:33 - 2016-10-15 03:41 - 05376000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-11-08 17:33 - 2016-10-15 03:39 - 00869888 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-11-08 17:33 - 2016-10-15 03:39 - 00357376 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-11-08 17:33 - 2016-10-15 03:38 - 00675840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-11-08 17:33 - 2016-10-15 03:37 - 01980416 ____C (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-11-08 17:33 - 2016-10-15 03:37 - 00715264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-11-08 17:33 - 2016-10-15 03:37 - 00093184 ____C (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-11-08 17:33 - 2016-10-15 03:36 - 00792064 ____C (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-11-08 17:33 - 2016-10-15 03:36 - 00542208 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-11-08 17:33 - 2016-10-15 03:36 - 00347136 ____C (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-11-08 17:33 - 2016-10-15 03:36 - 00338944 ____C (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-11-08 17:33 - 2016-10-15 03:36 - 00081408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 03054080 ____C (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 02708992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 02315264 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 00760832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-11-08 17:33 - 2016-10-15 03:35 - 00391168 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-11-08 17:33 - 2016-10-05 10:17 - 01322848 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-11-08 17:33 - 2016-10-05 10:12 - 02446696 ____C (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-11-08 17:33 - 2016-10-05 09:38 - 00237568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-11-08 17:33 - 2016-10-05 09:36 - 00073216 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-11-08 17:33 - 2016-10-05 09:35 - 00352768 ____C (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-11-08 17:33 - 2016-10-05 09:35 - 00122880 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-11-08 17:33 - 2016-10-05 09:33 - 00651264 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-11-08 17:33 - 2016-10-05 09:33 - 00268800 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-11-08 17:33 - 2016-10-05 09:32 - 00223744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2016-11-08 17:33 - 2016-10-05 09:31 - 00561664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-11-08 17:33 - 2016-10-05 09:31 - 00425472 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-11-08 17:33 - 2016-10-05 09:31 - 00176128 ____C (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-11-08 17:33 - 2016-10-05 09:30 - 00396800 ____C (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-11-08 17:33 - 2016-10-05 09:29 - 00368640 ____C (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-11-08 17:33 - 2016-10-05 09:28 - 03059200 ____C (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-11-08 17:33 - 2016-10-05 09:28 - 00156672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2016-11-08 17:33 - 2016-10-05 09:28 - 00123904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2016-11-08 17:33 - 2016-10-05 09:27 - 00945664 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-11-08 17:33 - 2016-10-05 09:26 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-11-08 17:33 - 2016-10-05 09:26 - 00137216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-11-08 17:33 - 2016-10-05 09:26 - 00088576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-11-08 17:33 - 2016-10-05 09:25 - 00404992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2016-11-08 17:33 - 2016-10-05 09:25 - 00117760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-11-08 17:33 - 2016-10-05 09:23 - 00431616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-11-08 17:33 - 2016-10-05 09:23 - 00426496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-11-08 17:33 - 2016-10-05 09:23 - 00187904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2016-11-08 17:33 - 2016-10-05 09:22 - 00073216 ____C (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-11-08 17:33 - 2016-10-05 09:20 - 00936960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-11-08 17:33 - 2016-10-05 09:20 - 00661504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-11-08 17:33 - 2016-10-05 09:17 - 02914304 ____C (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-11-08 17:33 - 2016-10-05 09:17 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-11-08 17:33 - 2016-10-05 09:16 - 06664192 ____C (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-11-08 17:33 - 2016-10-05 09:15 - 02800128 ____C (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-11-08 17:33 - 2016-10-05 09:15 - 00833024 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-11-08 17:33 - 2016-10-05 09:12 - 01107456 ____C (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-11-08 17:33 - 2016-10-05 09:09 - 03369984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-11-08 17:33 - 2016-10-05 09:08 - 00598528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-11-08 17:33 - 2016-10-05 09:07 - 02682880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-11-08 17:33 - 2016-10-05 09:07 - 00589312 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-11-08 17:33 - 2016-10-05 09:06 - 01013248 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-11-08 17:33 - 2016-10-05 09:05 - 00751104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-11-08 17:33 - 2016-09-15 17:33 - 00083120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-11-08 17:33 - 2016-09-15 17:32 - 02048496 ____C C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-11-08 17:33 - 2016-09-15 17:30 - 00354264 ____C (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-11-08 17:33 - 2016-09-15 17:29 - 01117024 ____C (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2016-11-08 17:33 - 2016-09-15 17:29 - 00512416 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2016-11-08 17:33 - 2016-09-15 17:26 - 00090400 ____C (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-11-08 17:33 - 2016-09-15 17:18 - 00328008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-11-08 17:33 - 2016-09-15 17:16 - 00527808 ____C (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-11-08 17:33 - 2016-09-15 17:15 - 00649568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-11-08 17:33 - 2016-09-15 17:14 - 01100128 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-11-08 17:33 - 2016-09-15 17:14 - 00988512 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-11-08 17:33 - 2016-09-15 17:14 - 00947552 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-11-08 17:33 - 2016-09-15 17:13 - 00113504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2016-11-08 17:33 - 2016-09-15 17:06 - 00387872 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2016-11-08 17:33 - 2016-09-15 17:03 - 00067584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll
2016-11-08 17:33 - 2016-09-15 17:03 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2016-11-08 17:33 - 2016-09-15 17:01 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2016-11-08 17:33 - 2016-09-15 17:00 - 00518656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-11-08 17:33 - 2016-09-15 17:00 - 00138240 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-11-08 17:33 - 2016-09-15 16:58 - 00203776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-11-08 17:33 - 2016-09-15 16:58 - 00129024 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2016-11-08 17:33 - 2016-09-15 16:58 - 00059904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2016-11-08 17:33 - 2016-09-15 16:56 - 01300480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2016-11-08 17:33 - 2016-09-15 16:56 - 00670208 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2016-11-08 17:33 - 2016-09-15 16:56 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManagerApi.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 01243136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 00562176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 00386048 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 00185856 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2016-11-08 17:33 - 2016-09-15 16:55 - 00175616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-11-08 17:33 - 2016-09-15 16:54 - 00391168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-11-08 17:33 - 2016-09-15 16:53 - 00466432 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-11-08 17:33 - 2016-09-15 16:53 - 00314368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2016-11-08 17:33 - 2016-09-15 16:53 - 00284672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2016-11-08 17:33 - 2016-09-15 16:52 - 00445952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprapi.dll
2016-11-08 17:33 - 2016-09-15 16:52 - 00238080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-11-08 17:33 - 2016-09-15 16:47 - 00355328 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-11-08 17:33 - 2016-09-15 16:47 - 00134656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2016-11-08 17:33 - 2016-09-15 16:46 - 00713216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2016-11-08 17:33 - 2016-09-15 16:45 - 02642944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2016-11-08 17:33 - 2016-09-15 16:45 - 00248832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2016-11-08 17:33 - 2016-09-15 16:44 - 02153984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-11-08 17:33 - 2016-09-15 16:44 - 00209920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2016-11-08 17:33 - 2016-09-15 16:43 - 00433664 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2016-11-08 17:33 - 2016-09-15 16:43 - 00036864 ____C (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2016-11-08 17:33 - 2016-09-15 16:43 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2016-11-08 17:33 - 2016-09-15 16:42 - 00492544 ____C (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2016-11-08 17:33 - 2016-09-15 16:42 - 00123904 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2016-11-08 17:33 - 2016-09-15 16:41 - 00259072 ____C (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2016-11-08 17:33 - 2016-09-15 16:41 - 00185344 ____C (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-11-08 17:33 - 2016-09-15 16:41 - 00156160 ____C (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2016-11-08 17:33 - 2016-09-15 16:41 - 00108032 ____C (Microsoft Corporation) C:\WINDOWS\system32\Family.Authentication.dll
2016-11-08 17:33 - 2016-09-15 16:41 - 00090624 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2016-11-08 17:33 - 2016-09-15 16:40 - 02138112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-11-08 17:33 - 2016-09-15 16:40 - 01988096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2016-11-08 17:33 - 2016-09-15 16:40 - 01656320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2016-11-08 17:33 - 2016-09-15 16:40 - 00348160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2016-11-08 17:33 - 2016-09-15 16:39 - 01004544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-11-08 17:33 - 2016-09-15 16:39 - 00418304 ____C C:\WINDOWS\system32\Windows.Perception.Stub.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00773120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2016-11-08 17:33 - 2016-09-15 16:38 - 00730112 ____C (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00620544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00573952 ____C (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrGidsHandler.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00505856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00243712 ____C (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00208896 ____C (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-11-08 17:33 - 2016-09-15 16:38 - 00205824 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2016-11-08 17:33 - 2016-09-15 16:38 - 00125952 ____C (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-11-08 17:33 - 2016-09-15 16:37 - 00912384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2016-11-08 17:33 - 2016-09-15 16:37 - 00390144 ____C (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2016-11-08 17:33 - 2016-09-15 16:36 - 00407552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-11-08 17:33 - 2016-09-15 16:36 - 00358912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2016-11-08 17:33 - 2016-09-15 16:36 - 00349184 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2016-11-08 17:33 - 2016-09-15 16:36 - 00310784 ____C (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2016-11-08 17:33 - 2016-09-15 16:36 - 00216576 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-11-08 17:33 - 2016-09-15 16:36 - 00125952 ____C (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-11-08 17:33 - 2016-09-15 16:35 - 01087488 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2016-11-08 17:33 - 2016-09-15 16:35 - 01013248 ____C (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-11-08 17:33 - 2016-09-15 16:35 - 00280064 ____C (Microsoft Corporation) C:\WINDOWS\system32\DataExchange.dll
2016-11-08 17:33 - 2016-09-15 16:35 - 00252416 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2016-11-08 17:33 - 2016-09-15 16:35 - 00168960 ____C (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-11-08 17:33 - 2016-09-15 16:34 - 00424960 ____C (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-11-08 17:33 - 2016-09-15 16:33 - 03753984 ____C (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2016-11-08 17:33 - 2016-09-15 16:33 - 00560128 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-11-08 17:33 - 2016-09-15 16:33 - 00512000 ____C (Microsoft Corporation) C:\WINDOWS\system32\mprapi.dll
2016-11-08 17:33 - 2016-09-15 16:30 - 00713216 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-11-08 17:33 - 2016-09-15 16:30 - 00458752 ____C (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-11-08 17:33 - 2016-09-15 16:30 - 00175616 ____C (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-11-08 17:33 - 2016-09-15 16:30 - 00169984 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2016-11-08 17:33 - 2016-09-15 16:30 - 00104960 ____C (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-11-08 17:33 - 2016-09-15 16:29 - 01105408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-11-08 17:33 - 2016-09-15 16:29 - 01082368 ____C (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-11-08 17:33 - 2016-09-15 16:29 - 00715264 ____C (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-11-08 17:33 - 2016-09-15 16:29 - 00329728 ____C (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-11-08 17:33 - 2016-09-15 16:28 - 00442368 ____C (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-11-08 17:33 - 2016-09-15 16:27 - 02860032 ____C (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-11-08 17:33 - 2016-09-15 16:27 - 00582656 ____C (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-11-08 17:33 - 2016-09-15 16:27 - 00250368 ____C (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2016-11-08 17:33 - 2016-09-15 16:27 - 00070656 ____C (Microsoft Corporation) C:\WINDOWS\system32\Sens.dll
2016-11-08 17:33 - 2016-09-15 16:26 - 00374784 ____C (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-11-08 17:33 - 2016-09-15 16:26 - 00361472 ____C (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2016-11-08 17:33 - 2016-09-15 16:26 - 00112128 ____C (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-11-08 17:33 - 2016-09-15 16:25 - 00947200 ____C (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2016-11-08 17:33 - 2016-09-15 16:25 - 00628736 ____C (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-11-08 17:33 - 2016-09-15 16:25 - 00130560 ____C (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2016-11-08 17:33 - 2016-09-15 16:24 - 00800768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-11-08 17:33 - 2016-09-15 16:24 - 00538624 ____C (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-11-08 17:33 - 2016-09-15 16:23 - 03405824 ____C (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2016-11-08 17:33 - 2016-09-15 16:23 - 01020928 ____C (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-11-08 17:33 - 2016-09-15 16:22 - 05611008 ____C (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-11-08 17:33 - 2016-09-15 16:22 - 01709056 ____C (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-11-08 17:33 - 2016-09-15 16:22 - 00960000 ____C (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-11-08 17:33 - 2016-09-15 16:22 - 00857600 ____C (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2016-11-08 17:33 - 2016-09-15 16:22 - 00376832 ____C (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-11-08 17:33 - 2016-09-15 16:21 - 02538496 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2016-11-08 17:33 - 2016-09-15 16:21 - 02208768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-11-08 17:33 - 2016-09-15 16:21 - 00971264 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-11-08 17:33 - 2016-09-15 16:20 - 01710080 ____C (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-11-08 17:33 - 2016-09-15 16:20 - 01275392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-11-08 17:33 - 2016-09-15 16:20 - 01266176 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-11-08 17:33 - 2016-09-15 16:20 - 00875520 ____C (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-11-08 17:33 - 2016-09-15 16:19 - 01130496 ____C (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-11-08 17:33 - 2016-09-15 16:19 - 00903680 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2016-11-08 17:33 - 2016-09-15 16:19 - 00730112 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-11-08 17:33 - 2016-09-15 16:18 - 00455168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-11-08 17:33 - 2016-09-15 16:17 - 00180224 ____C (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-11-08 17:33 - 2016-09-15 16:16 - 01817088 ____C (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-11-08 17:33 - 2016-09-15 16:16 - 00035328 ____C (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2016-11-08 17:33 - 2016-09-07 05:53 - 02481768 ____C (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-11-08 17:33 - 2016-09-07 05:34 - 00857440 ____C (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-11-08 17:33 - 2016-09-07 05:33 - 00681304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-11-08 17:33 - 2016-09-07 05:29 - 00118112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys
2016-11-08 17:33 - 2016-09-07 05:17 - 00782176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-11-08 17:33 - 2016-09-07 05:13 - 00529928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-11-08 17:33 - 2016-09-07 05:02 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll
2016-11-08 17:33 - 2016-09-07 05:02 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2016-11-08 17:33 - 2016-09-07 05:00 - 00009728 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-11-08 17:33 - 2016-09-07 05:00 - 00009216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-11-08 17:33 - 2016-09-07 04:59 - 00409088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-11-08 17:33 - 2016-09-07 04:59 - 00110080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-11-08 17:33 - 2016-09-07 04:59 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-11-08 17:33 - 2016-09-07 04:58 - 00133632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2016-11-08 17:33 - 2016-09-07 04:58 - 00058880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-11-08 17:33 - 2016-09-07 04:56 - 00349184 ____C (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-11-08 17:33 - 2016-09-07 04:56 - 00116224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-11-08 17:33 - 2016-09-07 04:55 - 06574592 ____C (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-11-08 17:33 - 2016-09-07 04:55 - 00070656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-11-08 17:33 - 2016-09-07 04:54 - 00057344 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2016-11-08 17:33 - 2016-09-07 04:53 - 00091648 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2016-11-08 17:33 - 2016-09-07 04:52 - 00536576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-11-08 17:33 - 2016-09-07 04:52 - 00331264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-11-08 17:33 - 2016-09-07 04:52 - 00289280 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-11-08 17:33 - 2016-09-07 04:52 - 00243712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-11-08 17:33 - 2016-09-07 04:52 - 00104448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2016-11-08 17:33 - 2016-09-07 04:50 - 00282624 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-11-08 17:33 - 2016-09-07 04:50 - 00235008 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-11-08 17:33 - 2016-09-07 04:49 - 00409088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-11-08 17:33 - 2016-09-07 04:47 - 00197120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-11-08 17:33 - 2016-09-07 04:46 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-11-08 17:33 - 2016-09-07 04:46 - 00295424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2016-11-08 17:33 - 2016-09-07 04:45 - 00248320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-11-08 17:33 - 2016-09-07 04:41 - 05511680 ____C (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-11-08 17:33 - 2016-09-07 04:39 - 05384192 ____C (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2016-11-08 17:33 - 2016-09-07 04:39 - 03116544 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-11-08 17:33 - 2016-09-07 04:37 - 01062912 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-11-08 17:33 - 2016-09-07 04:36 - 02423296 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-11-08 17:33 - 2016-09-07 04:36 - 02360832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-11-08 17:33 - 2016-09-07 04:35 - 02107392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-11-08 17:33 - 2016-09-07 04:35 - 00650240 ____C (Microsoft) C:\WINDOWS\system32\DbgModel.dll
2016-11-08 17:33 - 2016-09-07 04:34 - 00860672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-11-08 17:33 - 2016-09-07 04:34 - 00444416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-11-08 17:33 - 2016-08-27 04:44 - 00027136 ____C (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-11-08 17:33 - 2016-08-27 04:43 - 00022528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-11-08 17:33 - 2016-08-20 05:22 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-11-08 17:33 - 2016-08-20 05:21 - 00227840 ____C (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL
2016-11-08 17:33 - 2016-08-20 05:21 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-11-08 17:33 - 2016-08-20 05:21 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-11-08 17:33 - 2016-08-20 05:20 - 00119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-11-08 17:33 - 2016-08-20 05:20 - 00085504 ____C (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-11-08 17:33 - 2016-08-20 05:20 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-11-08 17:33 - 2016-08-20 05:20 - 00017408 ____C (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-11-08 17:33 - 2016-08-20 05:19 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-11-08 17:33 - 2016-08-20 05:19 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-11-08 17:33 - 2016-08-20 05:18 - 00200704 ____C (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-11-08 17:33 - 2016-08-20 05:18 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-11-08 17:33 - 2016-08-20 05:17 - 00235008 ____C (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-11-08 17:33 - 2016-08-20 05:15 - 00295424 ____C (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-11-08 17:33 - 2016-08-20 05:14 - 00225280 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-11-08 17:33 - 2016-08-20 05:14 - 00086016 ____C (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-11-08 17:33 - 2016-08-20 05:14 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-11-08 17:33 - 2016-08-20 05:14 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-11-08 17:33 - 2016-08-20 05:06 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-11-08 17:33 - 2016-08-20 05:04 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-11-08 17:33 - 2016-08-20 04:58 - 00020480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-11-08 17:33 - 2016-08-20 04:56 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-11-08 17:33 - 2016-08-19 01:33 - 00162850 ____C C:\WINDOWS\system32\C_932.NLS
2016-11-08 17:33 - 2016-08-06 04:31 - 00041824 ____C (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-11-08 17:33 - 2016-08-06 04:29 - 00199008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-11-08 17:33 - 2016-08-06 04:18 - 00396168 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-11-08 17:33 - 2016-08-06 04:16 - 00026408 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-11-08 17:33 - 2016-08-06 03:48 - 00032768 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-11-08 17:33 - 2016-08-06 03:48 - 00015872 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-11-08 17:33 - 2016-08-06 03:48 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-11-08 17:33 - 2016-08-06 03:48 - 00010752 ____C (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-11-08 17:33 - 2016-08-06 03:48 - 00009216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-11-08 17:33 - 2016-08-06 03:48 - 00005120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-11-08 17:33 - 2016-08-06 03:48 - 00005120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-11-08 17:33 - 2016-08-06 03:47 - 00027648 ____C (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-11-08 17:33 - 2016-08-06 03:47 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-11-08 17:33 - 2016-08-06 03:47 - 00006656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-11-08 17:33 - 2016-08-06 03:46 - 09260032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-11-08 17:33 - 2016-08-06 03:46 - 09260032 ____C (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-11-08 17:33 - 2016-08-06 03:46 - 00057344 ____C (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-11-08 17:33 - 2016-08-06 03:46 - 00047104 ____C (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-11-08 17:33 - 2016-08-06 03:45 - 00226304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-11-08 17:33 - 2016-08-06 03:45 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-11-08 17:33 - 2016-08-06 03:43 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-11-08 17:33 - 2016-08-06 03:41 - 00462336 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-11-08 17:33 - 2016-08-06 03:41 - 00412160 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-11-08 17:33 - 2016-08-06 03:41 - 00068096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-11-08 17:33 - 2016-08-06 03:40 - 00234496 ____C (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-11-08 17:33 - 2016-08-06 03:39 - 00298496 ____C (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-11-08 17:33 - 2016-08-06 03:39 - 00295424 ____C (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-11-08 17:33 - 2016-08-06 03:38 - 00320000 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-11-08 17:33 - 2016-08-06 03:34 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-11-08 17:33 - 2016-08-06 03:33 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-11-08 17:33 - 2016-08-06 03:23 - 00520192 ____C (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-11-08 17:33 - 2016-08-05 08:29 - 00568832 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-11-08 17:33 - 2016-08-05 08:29 - 00019968 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-11-08 17:33 - 2016-08-02 04:47 - 00079536 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-11-08 17:33 - 2016-07-22 01:25 - 00389000 ____C (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-11-08 17:32 - 2016-10-15 04:51 - 00283488 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-11-08 17:32 - 2016-10-15 04:38 - 00409952 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-11-08 17:32 - 2016-10-15 04:31 - 02190688 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-11-08 17:32 - 2016-10-15 04:31 - 00658272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-11-08 17:32 - 2016-10-15 04:31 - 00402272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-11-08 17:32 - 2016-10-15 04:30 - 01851696 ____C (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-11-08 17:32 - 2016-10-15 04:30 - 00557408 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-11-08 17:32 - 2016-10-15 04:29 - 01267504 ____C (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-11-08 17:32 - 2016-10-15 04:29 - 00335712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-11-08 17:32 - 2016-10-15 04:26 - 01694712 ____C (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-11-08 17:32 - 2016-10-15 04:26 - 00160096 ____C (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-11-08 17:32 - 2016-10-15 04:25 - 00882680 ____C (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-11-08 17:32 - 2016-10-15 04:25 - 00742704 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-11-08 17:32 - 2016-10-15 04:21 - 02537824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-11-08 17:32 - 2016-10-15 04:21 - 01100128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-11-08 17:32 - 2016-10-15 04:21 - 00584032 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-11-08 17:32 - 2016-10-15 04:20 - 02276736 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-11-08 17:32 - 2016-10-15 04:19 - 00272720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-11-08 17:32 - 2016-10-15 04:18 - 02166232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-11-08 17:32 - 2016-10-15 04:18 - 01556712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-11-08 17:32 - 2016-10-15 04:18 - 00846560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-11-08 17:32 - 2016-10-15 04:15 - 01853776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-11-08 17:32 - 2016-10-15 04:15 - 01123368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-11-08 17:32 - 2016-10-15 04:15 - 00687936 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-11-08 17:32 - 2016-10-15 04:11 - 01435896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-11-08 17:32 - 2016-10-15 04:00 - 00323584 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-11-08 17:32 - 2016-10-15 03:59 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-11-08 17:32 - 2016-10-15 03:57 - 00039424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-11-08 17:32 - 2016-10-15 03:56 - 00327680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-11-08 17:32 - 2016-10-15 03:56 - 00227328 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-11-08 17:32 - 2016-10-15 03:56 - 00219648 ____C (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-11-08 17:32 - 2016-10-15 03:56 - 00193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-11-08 17:32 - 2016-10-15 03:56 - 00120832 ____C (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-11-08 17:32 - 2016-10-15 03:56 - 00098816 ____C (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-11-08 17:32 - 2016-10-15 03:55 - 00329216 ____C (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-11-08 17:32 - 2016-10-15 03:55 - 00265728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-11-08 17:32 - 2016-10-15 03:55 - 00156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\hidclass.sys
2016-11-08 17:32 - 2016-10-15 03:55 - 00156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-11-08 17:32 - 2016-10-15 03:55 - 00142336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-11-08 17:32 - 2016-10-15 03:54 - 00463872 ____C (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-11-08 17:32 - 2016-10-15 03:54 - 00410112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-11-08 17:32 - 2016-10-15 03:54 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-11-08 17:32 - 2016-10-15 03:54 - 00152064 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-11-08 17:32 - 2016-10-15 03:53 - 00313856 ____C (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00523776 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00410624 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00339456 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-11-08 17:32 - 2016-10-15 03:52 - 00288256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-11-08 17:32 - 2016-10-15 03:51 - 00429568 ____C (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-11-08 17:32 - 2016-10-15 03:51 - 00226304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-11-08 17:32 - 2016-10-15 03:50 - 02333184 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-11-08 17:32 - 2016-10-15 03:50 - 00438784 ____C (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-11-08 17:32 - 2016-10-15 03:50 - 00310272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-11-08 17:32 - 2016-10-15 03:49 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-11-08 17:32 - 2016-10-15 03:49 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-11-08 17:32 - 2016-10-15 03:47 - 04612608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-11-08 17:32 - 2016-10-15 03:47 - 00720896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-11-08 17:32 - 2016-10-15 03:46 - 00718848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-11-08 17:32 - 2016-10-15 03:45 - 01790464 ____C (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-11-08 17:32 - 2016-10-15 03:45 - 00702464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-11-08 17:32 - 2016-10-15 03:44 - 00636928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-11-08 17:32 - 2016-10-15 03:43 - 01365504 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-11-08 17:32 - 2016-10-15 03:42 - 00467968 ____C (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-11-08 17:32 - 2016-10-15 03:42 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-11-08 17:32 - 2016-10-15 03:41 - 00945664 ____C (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-11-08 17:32 - 2016-10-15 03:41 - 00161792 ____C (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 04474368 ____C (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 01060864 ____C (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 01005568 ____C (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 00817664 ____C (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 00806400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-11-08 17:32 - 2016-10-15 03:39 - 00631296 ____C (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-11-08 17:32 - 2016-10-15 03:37 - 03733504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-11-08 17:32 - 2016-10-15 03:37 - 01029632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-11-08 17:32 - 2016-10-15 03:37 - 00709120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 01170944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 00983040 ____C (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-11-08 17:32 - 2016-10-15 03:36 - 00673792 ____C (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-11-08 17:32 - 2016-10-15 03:35 - 02005504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-11-08 17:32 - 2016-10-15 03:35 - 00905216 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-11-08 17:32 - 2016-10-15 03:34 - 02476544 ____C (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-11-08 17:32 - 2016-10-15 03:34 - 01840640 ____C (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-11-08 17:32 - 2016-10-15 03:34 - 00936448 ____C (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-11-08 17:32 - 2016-10-15 03:32 - 00886784 ____C (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-11-08 17:32 - 2016-10-05 10:35 - 00279904 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-11-08 17:32 - 2016-10-05 10:22 - 01181536 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-11-08 17:32 - 2016-10-05 10:16 - 00187232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-11-08 17:32 - 2016-10-05 10:13 - 00146784 ____C (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-11-08 17:32 - 2016-10-05 10:12 - 01112928 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-11-08 17:32 - 2016-10-05 10:08 - 00241504 ____C (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-11-08 17:32 - 2016-10-05 09:50 - 00116576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2016-11-08 17:32 - 2016-10-05 09:49 - 01980768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-11-08 17:32 - 2016-10-05 09:48 - 01022304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-11-08 17:32 - 2016-10-05 09:46 - 01360456 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-11-08 17:32 - 2016-10-05 09:46 - 00980824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-11-08 17:32 - 2016-10-05 09:38 - 00584192 ____C (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-11-08 17:32 - 2016-10-05 09:36 - 00113664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-11-08 17:32 - 2016-10-05 09:35 - 00196096 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2016-11-08 17:32 - 2016-10-05 09:35 - 00101888 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-11-08 17:32 - 2016-10-05 09:33 - 00157696 ____C (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-11-08 17:32 - 2016-10-05 09:32 - 00590336 ____C (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-11-08 17:32 - 2016-10-05 09:32 - 00146432 ____C (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-11-08 17:32 - 2016-10-05 09:31 - 00837632 ____C (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-11-08 17:32 - 2016-10-05 09:31 - 00748544 ____C (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-11-08 17:32 - 2016-10-05 09:31 - 00480768 ____C (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-11-08 17:32 - 2016-10-05 09:31 - 00058880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-11-08 17:32 - 2016-10-05 09:29 - 01145856 ____C (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-11-08 17:32 - 2016-10-05 09:28 - 00775168 ____C (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-11-08 17:32 - 2016-10-05 09:28 - 00584192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-11-08 17:32 - 2016-10-05 09:27 - 00094208 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-11-08 17:32 - 2016-10-05 09:27 - 00087040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-11-08 17:32 - 2016-10-05 09:26 - 00590848 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-11-08 17:32 - 2016-10-05 09:25 - 00299520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-11-08 17:32 - 2016-10-05 09:24 - 00483840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2016-11-08 17:32 - 2016-10-05 09:24 - 00099328 ____C (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-11-08 17:32 - 2016-10-05 09:21 - 03689984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-11-08 17:32 - 2016-10-05 09:21 - 00567808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-11-08 17:32 - 2016-10-05 09:20 - 00143872 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-11-08 17:32 - 2016-10-05 09:19 - 02390016 ____C (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-11-08 17:32 - 2016-10-05 09:18 - 00858112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-11-08 17:32 - 2016-10-05 09:16 - 00771072 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-11-08 17:32 - 2016-10-05 09:16 - 00508416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-11-08 17:32 - 2016-10-05 09:15 - 00716800 ____C (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-11-08 17:32 - 2016-10-05 09:15 - 00141312 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2016-11-08 17:32 - 2016-10-05 09:14 - 01255936 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-11-08 17:32 - 2016-10-05 09:14 - 01013760 ____C (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-11-08 17:32 - 2016-10-05 09:11 - 00640000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-11-08 17:32 - 2016-10-05 09:10 - 06474752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-11-08 17:32 - 2016-10-05 09:09 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-11-08 17:32 - 2016-10-05 09:08 - 00873472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-11-08 17:32 - 2016-10-05 09:07 - 02646016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-11-08 17:32 - 2016-10-05 09:07 - 00566784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-11-08 17:32 - 2016-10-05 09:06 - 00850944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-11-08 17:32 - 2016-09-15 17:40 - 00965472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2016-11-08 17:32 - 2016-09-15 17:37 - 00496872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-11-08 17:32 - 2016-09-15 17:37 - 00402352 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-11-08 17:32 - 2016-09-15 17:30 - 00646136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-11-08 17:32 - 2016-09-15 17:29 - 00424640 ____C (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-11-08 17:32 - 2016-09-15 17:29 - 00081760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-11-08 17:32 - 2016-09-15 17:23 - 01503032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-11-08 17:32 - 2016-09-15 17:23 - 00170960 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-11-08 17:32 - 2016-09-15 17:22 - 00433832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-11-08 17:32 - 2016-09-15 17:20 - 00634944 ____C (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-11-08 17:32 - 2016-09-15 17:19 - 00361104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-11-08 17:32 - 2016-09-15 17:18 - 01201872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-11-08 17:32 - 2016-09-15 17:18 - 00856872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-11-08 17:32 - 2016-09-15 17:16 - 01738040 ____C (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-11-08 17:32 - 2016-09-15 17:16 - 01157000 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-11-08 17:32 - 2016-09-15 17:16 - 00206096 ____C (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-11-08 17:32 - 2016-09-15 17:15 - 00218976 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-11-08 17:32 - 2016-09-15 17:15 - 00130912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2016-11-08 17:32 - 2016-09-15 17:14 - 00811872 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-11-08 17:32 - 2016-09-15 17:14 - 00119648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2016-11-08 17:32 - 2016-09-15 17:06 - 00455520 ____C (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-11-08 17:32 - 2016-09-15 17:06 - 00372440 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-11-08 17:32 - 2016-09-15 17:03 - 00094720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-11-08 17:32 - 2016-09-15 17:01 - 00141824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2016-11-08 17:32 - 2016-09-15 17:00 - 00554496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2016-11-08 17:32 - 2016-09-15 16:59 - 00255488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2016-11-08 17:32 - 2016-09-15 16:59 - 00143872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovslegacy.dll
2016-11-08 17:32 - 2016-09-15 16:59 - 00136192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2016-11-08 17:32 - 2016-09-15 16:58 - 00291840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-11-08 17:32 - 2016-09-15 16:58 - 00092672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-11-08 17:32 - 2016-09-15 16:57 - 00392192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2016-11-08 17:32 - 2016-09-15 16:57 - 00315904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2016-11-08 17:32 - 2016-09-15 16:57 - 00171520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-11-08 17:32 - 2016-09-15 16:56 - 00609280 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2016-11-08 17:32 - 2016-09-15 16:56 - 00265728 ____C C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2016-11-08 17:32 - 2016-09-15 16:56 - 00115712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2016-11-08 17:32 - 2016-09-15 16:55 - 00218624 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2016-11-08 17:32 - 2016-09-15 16:54 - 00461312 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-11-08 17:32 - 2016-09-15 16:54 - 00262144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2016-11-08 17:32 - 2016-09-15 16:53 - 00819200 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-11-08 17:32 - 2016-09-15 16:52 - 01358336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-11-08 17:32 - 2016-09-15 16:52 - 00816640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2016-11-08 17:32 - 2016-09-15 16:52 - 00525824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2016-11-08 17:32 - 2016-09-15 16:52 - 00500224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2016-11-08 17:32 - 2016-09-15 16:52 - 00297472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2016-11-08 17:32 - 2016-09-15 16:51 - 00762368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2016-11-08 17:32 - 2016-09-15 16:50 - 01534464 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-11-08 17:32 - 2016-09-15 16:50 - 00071168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\pwrshplugin.dll
2016-11-08 17:32 - 2016-09-15 16:49 - 00499200 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-11-08 17:32 - 2016-09-15 16:49 - 00468992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-11-08 17:32 - 2016-09-15 16:48 - 01320448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-11-08 17:32 - 2016-09-15 16:47 - 01077760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-11-08 17:32 - 2016-09-15 16:46 - 00795648 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2016-11-08 17:32 - 2016-09-15 16:46 - 00558080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-11-08 17:32 - 2016-09-15 16:46 - 00343040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-11-08 17:32 - 2016-09-15 16:46 - 00049664 ____C (Microsoft Corporation) C:\WINDOWS\system32\ffbroker.dll
2016-11-08 17:32 - 2016-09-15 16:44 - 00118784 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-11-08 17:32 - 2016-09-15 16:43 - 00220672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2016-11-08 17:32 - 2016-09-15 16:43 - 00210432 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-11-08 17:32 - 2016-09-15 16:43 - 00039424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2016-11-08 17:32 - 2016-09-15 16:42 - 01220608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-11-08 17:32 - 2016-09-15 16:42 - 00051712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2016-11-08 17:32 - 2016-09-15 16:41 - 00400384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-11-08 17:32 - 2016-09-15 16:41 - 00295424 ____C (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2016-11-08 17:32 - 2016-09-15 16:40 - 05061120 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-11-08 17:32 - 2016-09-15 16:40 - 00467968 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2016-11-08 17:32 - 2016-09-15 16:40 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-11-08 17:32 - 2016-09-15 16:40 - 00082432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2016-11-08 17:32 - 2016-09-15 16:39 - 01232384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2016-11-08 17:32 - 2016-09-15 16:39 - 01170944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2016-11-08 17:32 - 2016-09-15 16:39 - 00547840 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2016-11-08 17:32 - 2016-09-15 16:39 - 00186368 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2016-11-08 17:32 - 2016-09-15 16:38 - 01291264 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2016-11-08 17:32 - 2016-09-15 16:38 - 00203776 ____C (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-11-08 17:32 - 2016-09-15 16:38 - 00132096 ____C (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2016-11-08 17:32 - 2016-09-15 16:37 - 00568320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2016-11-08 17:32 - 2016-09-15 16:37 - 00266240 ____C (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-11-08 17:32 - 2016-09-15 16:37 - 00216576 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-11-08 17:32 - 2016-09-15 16:36 - 00852480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2016-11-08 17:32 - 2016-09-15 16:36 - 00648192 ____C (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-11-08 17:32 - 2016-09-15 16:36 - 00257024 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2016-11-08 17:32 - 2016-09-15 16:36 - 00166912 ____C (Microsoft Corporation) C:\WINDOWS\system32\credprovslegacy.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 01060352 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00949248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00645120 ____C (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00538112 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00472064 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00431616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00417792 ____C (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00358400 ____C (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00331776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00329728 ____C (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-11-08 17:32 - 2016-09-15 16:35 - 00128000 ____C (Microsoft Corporation) C:\WINDOWS\system32\rshx32.dll
2016-11-08 17:32 - 2016-09-15 16:34 - 00671744 ____C (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2016-11-08 17:32 - 2016-09-15 16:34 - 00560640 ____C (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-11-08 17:32 - 2016-09-15 16:34 - 00437248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2016-11-08 17:32 - 2016-09-15 16:34 - 00284160 ____C (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-11-08 17:32 - 2016-09-15 16:33 - 00966144 ____C (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2016-11-08 17:32 - 2016-09-15 16:33 - 00896512 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-11-08 17:32 - 2016-09-15 16:32 - 00634368 ____C (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-11-08 17:32 - 2016-09-15 16:32 - 00361472 ____C (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-11-08 17:32 - 2016-09-15 16:30 - 01227264 ____C (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-11-08 17:32 - 2016-09-15 16:30 - 00112640 ____C (Microsoft Corporation) C:\WINDOWS\system32\baaupdate.exe
2016-11-08 17:32 - 2016-09-15 16:28 - 00864256 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2016-11-08 17:32 - 2016-09-15 16:28 - 00798720 ____C (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2016-11-08 17:32 - 2016-09-15 16:28 - 00440320 ____C (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2016-11-08 17:32 - 2016-09-15 16:28 - 00159744 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveprompt.exe
2016-11-08 17:32 - 2016-09-15 16:27 - 00883712 ____C (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-11-08 17:32 - 2016-09-15 16:27 - 00279040 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-11-08 17:32 - 2016-09-15 16:27 - 00228352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSAC3ENC.DLL
2016-11-08 17:32 - 2016-09-15 16:27 - 00211968 ____C (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2016-11-08 17:32 - 2016-09-15 16:27 - 00171008 ____C (Microsoft Corporation) C:\WINDOWS\system32\fvenotify.exe
2016-11-08 17:32 - 2016-09-15 16:26 - 00501248 ____C (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2016-11-08 17:32 - 2016-09-15 16:26 - 00033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\bdeui.dll
2016-11-08 17:32 - 2016-09-15 16:25 - 00237056 ____C (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-11-08 17:32 - 2016-09-15 16:25 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\BackgroundMediaPolicy.dll
2016-11-08 17:32 - 2016-09-15 16:24 - 01080320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2016-11-08 17:32 - 2016-09-15 16:24 - 00139776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-11-08 17:32 - 2016-09-15 16:23 - 00460800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2016-11-08 17:32 - 2016-09-15 16:21 - 00816640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-11-08 17:32 - 2016-09-15 16:20 - 02424320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2016-11-08 17:32 - 2016-09-15 16:20 - 01535488 ____C (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2016-11-08 17:32 - 2016-09-15 16:20 - 00845824 ____C (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2016-11-08 17:32 - 2016-09-15 16:20 - 00691712 ____C (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-11-08 17:32 - 2016-09-15 16:20 - 00283648 ____C (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-11-08 17:32 - 2016-09-15 16:19 - 03202048 ____C (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-11-08 17:32 - 2016-09-15 16:19 - 00717824 ____C (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-11-08 17:32 - 2016-09-15 16:17 - 00122368 ____C (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-11-08 17:32 - 2016-09-15 16:16 - 00531456 ____C (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2016-11-08 17:32 - 2016-09-15 16:16 - 00483840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-11-08 17:32 - 2016-09-15 16:16 - 00387072 ____C (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-11-08 17:32 - 2016-09-15 16:16 - 00221696 ____C (Microsoft Corporation) C:\WINDOWS\system32\tspubwmi.dll
2016-11-08 17:32 - 2016-09-07 05:54 - 00133472 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-11-08 17:32 - 2016-09-07 05:41 - 00172528 ____C (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-11-08 17:32 - 2016-09-07 05:34 - 00584544 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-11-08 17:32 - 2016-09-07 05:34 - 00360040 ____C (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-11-08 17:32 - 2016-09-07 05:34 - 00178528 ____C (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2016-11-08 17:32 - 2016-09-07 05:32 - 02206496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-11-08 17:32 - 2016-09-07 05:29 - 00755656 ____C (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-11-08 17:32 - 2016-09-07 05:29 - 00382272 ____C (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-11-08 17:32 - 2016-09-07 05:24 - 00057400 ____C (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2016-11-08 17:32 - 2016-09-07 05:17 - 00509792 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-11-08 17:32 - 2016-09-07 05:07 - 00117240 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-11-08 17:32 - 2016-09-07 05:04 - 00009216 ____C (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-11-08 17:32 - 2016-09-07 05:03 - 00409088 ____C (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-11-08 17:32 - 2016-09-07 05:03 - 00110080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-11-08 17:32 - 2016-09-07 05:03 - 00095232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-11-08 17:32 - 2016-09-07 05:03 - 00009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-11-08 17:32 - 2016-09-07 05:03 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00044032 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00015360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll
2016-11-08 17:32 - 2016-09-07 05:02 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-11-08 17:32 - 2016-09-07 05:01 - 00137728 ____C (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-11-08 17:32 - 2016-09-07 05:01 - 00068096 ____C (Microsoft Corporation) C:\WINDOWS\system32\AddressParser.dll
2016-11-08 17:32 - 2016-09-07 05:01 - 00065024 ____C (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-11-08 17:32 - 2016-09-07 05:00 - 00052224 ____C (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-11-08 17:32 - 2016-09-07 05:00 - 00049152 ____C (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00263680 ____C (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00150528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00095232 ____C (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00088064 ____C (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00071168 ____C (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00064512 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00054784 ____C (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00040448 ____C (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-11-08 17:32 - 2016-09-07 04:59 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00187904 ____C (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00057344 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00054784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AddressParser.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00037888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccessRes.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneutilRes.dll
2016-11-08 17:32 - 2016-09-07 04:58 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2016-11-08 17:32 - 2016-09-07 04:57 - 00224256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-11-08 17:32 - 2016-09-07 04:57 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-11-08 17:32 - 2016-09-07 04:57 - 00002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00327168 ____C (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00157696 ____C (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-11-08 17:32 - 2016-09-07 04:56 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll
2016-11-08 17:32 - 2016-09-07 04:55 - 00820736 ____C (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-11-08 17:32 - 2016-09-07 04:55 - 00323584 ____C (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-11-08 17:32 - 2016-09-07 04:55 - 00243200 ____C (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-11-08 17:32 - 2016-09-07 04:55 - 00147456 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-11-08 17:32 - 2016-09-07 04:54 - 00805888 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-11-08 17:32 - 2016-09-07 04:54 - 00446464 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-11-08 17:32 - 2016-09-07 04:54 - 00366592 ____C (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2016-11-08 17:32 - 2016-09-07 04:54 - 00315904 ____C (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2016-11-08 17:32 - 2016-09-07 04:54 - 00055808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-11-08 17:32 - 2016-09-07 04:53 - 02083840 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-11-08 17:32 - 2016-09-07 04:53 - 00526848 ____C (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-11-08 17:32 - 2016-09-07 04:53 - 00302592 ____C (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-11-08 17:32 - 2016-09-07 04:53 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-11-08 17:32 - 2016-09-07 04:50 - 00426496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-11-08 17:32 - 2016-09-07 04:49 - 00260096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2016-11-08 17:32 - 2016-09-07 04:45 - 05398016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-11-08 17:32 - 2016-09-07 04:43 - 00484352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-11-08 17:32 - 2016-09-07 04:41 - 03435008 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-11-08 17:32 - 2016-09-07 04:41 - 02947072 ____C (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-11-08 17:32 - 2016-09-07 04:41 - 02510848 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-11-08 17:32 - 2016-09-07 04:41 - 00932864 ____C (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-11-08 17:32 - 2016-09-07 04:40 - 02852864 ____C (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-11-08 17:32 - 2016-09-07 04:39 - 00895488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-11-08 17:32 - 2016-09-07 04:38 - 01232384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-11-08 17:32 - 2016-09-07 04:37 - 02820096 ____C (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-11-08 17:32 - 2016-09-07 04:34 - 04557824 ____C (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-11-08 17:32 - 2016-09-07 04:31 - 00461312 ____C (Microsoft) C:\WINDOWS\SysWOW64\DbgModel.dll
2016-11-08 17:32 - 2016-08-27 04:58 - 00121368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-11-08 17:32 - 2016-08-20 05:34 - 00136032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-11-08 17:32 - 2016-08-20 05:16 - 00380928 ____C (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-11-08 17:32 - 2016-08-20 05:12 - 00476672 ____C (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-11-08 17:32 - 2016-08-20 05:07 - 00288768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-11-08 17:32 - 2016-08-20 05:07 - 00203776 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-11-08 17:32 - 2016-08-20 05:04 - 00592384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-11-08 17:32 - 2016-08-20 05:00 - 00141824 ____C (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-11-08 17:32 - 2016-08-06 04:26 - 01176664 ____C (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-11-08 17:32 - 2016-08-06 04:23 - 00168800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-11-08 17:32 - 2016-08-06 04:17 - 00790760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-11-08 17:32 - 2016-08-06 04:17 - 00619368 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-11-08 17:32 - 2016-08-06 04:16 - 00073568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-11-08 17:32 - 2016-08-06 04:16 - 00020320 ____C (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-11-08 17:32 - 2016-08-06 04:15 - 00408600 ____C (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-11-08 17:32 - 2016-08-06 04:03 - 01343928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-11-08 17:32 - 2016-08-06 04:03 - 00036168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-11-08 17:32 - 2016-08-06 03:50 - 02755584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-11-08 17:32 - 2016-08-06 03:48 - 02755584 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-11-08 17:32 - 2016-08-06 03:47 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\system32\hidusb.sys
2016-11-08 17:32 - 2016-08-06 03:47 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-11-08 17:32 - 2016-08-06 03:46 - 00094720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-11-08 17:32 - 2016-08-06 03:46 - 00040960 ____C (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2016-11-08 17:32 - 2016-08-06 03:46 - 00040960 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-11-08 17:32 - 2016-08-06 03:45 - 00327680 ____C (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-11-08 17:32 - 2016-08-06 03:45 - 00049664 ____C (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-11-08 17:32 - 2016-08-06 03:44 - 00047616 ____C (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-11-08 17:32 - 2016-08-06 03:44 - 00035328 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-11-08 17:32 - 2016-08-06 03:43 - 00200704 ____C (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-11-08 17:32 - 2016-08-06 03:40 - 00239104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-11-08 17:32 - 2016-08-06 03:36 - 00447488 ____C (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-11-08 17:32 - 2016-08-06 03:33 - 00396800 ____C (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-11-08 17:32 - 2016-08-06 03:31 - 00100864 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-11-08 17:32 - 2016-08-06 03:29 - 00298496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-11-08 17:32 - 2016-08-06 03:29 - 00123904 ____C (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-11-08 17:32 - 2016-08-06 03:28 - 00086016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-11-08 17:32 - 2016-08-06 03:21 - 00102400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-11-08 17:32 - 2016-08-06 03:19 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-11-08 17:32 - 2016-08-05 09:14 - 01066328 ____C (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-11-08 17:32 - 2016-08-05 09:10 - 00939872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-11-08 17:32 - 2016-08-05 09:05 - 00665768 ____C (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-11-08 17:32 - 2016-08-05 08:29 - 00568832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-11-08 17:32 - 2016-08-05 08:28 - 00022016 ____C (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-11-08 17:32 - 2016-08-05 08:23 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-11-08 17:32 - 2016-08-05 08:22 - 00138240 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-11-08 17:32 - 2016-08-05 08:18 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-11-08 17:32 - 2016-08-05 08:08 - 00135168 ____C (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-11-08 17:32 - 2016-08-02 08:21 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-11-08 17:32 - 2016-08-02 08:15 - 00231424 ____C (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-11-08 17:32 - 2016-08-02 08:13 - 01081856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-11-08 17:32 - 2016-08-02 04:37 - 00121344 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-11-08 17:32 - 2016-07-22 01:18 - 00297552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-11-08 11:00 - 2016-11-08 11:00 - 00000000 ____D C:\Users\Fraser Ross\AppData\Roaming\TuneUp Software
2016-11-08 11:00 - 2016-11-08 11:00 - 00000000 ____D C:\Users\Fraser Ross\AppData\Roaming\AVG
2016-11-08 10:55 - 2016-11-08 15:50 - 00000000 ____D C:\Users\Fraser Ross\AppData\Local\AvgSetupLog
2016-11-08 10:55 - 2016-11-08 15:44 - 00000000 ____D C:\Users\Fraser Ross\AppData\Local\Avg
2016-11-08 10:54 - 2016-11-08 10:55 - 03312896 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Fraser Ross\Downloads\AVG_Protection_Free_698.exe
2016-11-08 10:40 - 2016-11-11 15:35 - 00000000 ___DC C:\AdwCleaner
2016-11-08 10:39 - 2016-11-08 10:40 - 03910208 _____ C:\Users\Fraser Ross\Downloads\adwcleaner_6.030.exe
2016-11-07 16:07 - 2016-11-10 15:16 - 00001463 ____C C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-11-07 16:07 - 2016-11-07 16:07 - 00001475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-11-07 16:07 - 2016-11-07 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-11-07 16:07 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2016-11-07 15:55 - 2016-11-07 11:08 - 00457132 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161107-155502.backup
2016-11-07 11:10 - 2016-11-07 11:12 - 00001024 ___HC C:\AMTAG.BIN
2016-11-07 11:06 - 2016-11-07 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartW8
2016-11-07 10:41 - 2016-11-07 10:41 - 00000000 ____D C:\Program Files (x86)\StartW8
2016-11-07 01:02 - 2016-11-07 01:02 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-11-07 01:01 - 2016-11-07 01:01 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-11-07 01:01 - 2016-11-07 01:01 - 00000000 ____D C:\Program Files\MSBuild
2016-11-07 01:01 - 2016-11-07 01:01 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-07 01:01 - 2016-11-06 17:21 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-07 01:00 - 2016-05-25 22:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-11-07 01:00 - 2016-05-25 22:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-11-07 01:00 - 2016-05-25 22:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-11-07 01:00 - 2016-05-25 19:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-11-07 01:00 - 2016-05-25 19:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-11-07 01:00 - 2016-05-25 19:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-11-06 18:11 - 2016-11-06 18:11 - 00000000 ____D C:\ProgramData\USOShared
2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-11-06 18:06 - 2016-11-06 18:30 - 00000000 ____D C:\Users\Fraser Ross\AppData\Local\ConnectedDevicesPlatform
2016-11-06 18:06 - 2016-11-06 18:06 - 00000020 ___SH C:\Users\Fraser Ross\ntuser.ini
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default\My Documents
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-11-06 17:55 - 2016-11-06 17:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-11-06 17:52 - 2016-11-06 17:54 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-11-06 17:52 - 2016-11-06 17:54 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-11-06 17:50 - 2016-11-12 10:24 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2016-11-06 17:50 - 2016-11-11 20:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-11-06 17:50 - 2016-11-06 17:50 - 00002880 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3240783315-1213011343-4006949943-1000
2016-11-06 17:50 - 2016-11-06 17:50 - 00002344 _____ C:\WINDOWS\System32\Tasks\{6DDCC59A-CD43-492C-AF13-CAAF0BD3C4DD}
2016-11-06 17:50 - 2016-11-06 17:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-11-06 17:50 - 2016-11-06 17:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-11-06 17:49 - 2016-11-09 14:04 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-06 17:49 - 2016-11-06 17:50 - 00003318 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3240783315-1213011343-4006949943-1000
2016-11-06 17:49 - 2016-11-06 17:50 - 00003222 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3240783315-1213011343-4006949943-1000
2016-11-06 17:49 - 2016-11-06 17:50 - 00002236 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-11-06 17:31 - 2016-11-06 17:31 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-06 17:31 - 2016-11-06 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-11-06 17:31 - 2016-11-06 17:31 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-11-06 17:31 - 2016-11-06 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-11-06 17:31 - 2016-11-06 17:31 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-11-06 17:21 - 2016-11-06 17:21 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-11-06 17:19 - 2016-11-06 17:33 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-11-06 17:16 - 2016-11-11 17:43 - 00000000 ____D C:\Users\Fraser Ross
2016-11-06 17:16 - 2016-11-06 17:16 - 00000000 _SHDL C:\Users\Fraser Ross\My Documents
2016-11-06 17:16 - 2016-11-06 17:16 - 00000000 _SHDL C:\Users\Fraser Ross\Documents\My Videos
2016-11-06 17:16 - 2016-11-06 17:16 - 00000000 _SHDL C:\Users\Fraser Ross\Documents\My Pictures
2016-11-06 17:16 - 2016-11-06 17:16 - 00000000 _SHDL C:\Users\Fraser Ross\Documents\My Music
2016-11-06 17:12 - 2016-11-06 17:12 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-11-06 17:12 - 2016-11-06 17:12 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-11-06 17:12 - 2016-11-06 17:12 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-11-06 17:12 - 2016-11-06 17:12 - 00000000 ____D C:\Program Files\Realtek
2016-11-06 17:11 - 2016-07-16 11:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-11-06 17:09 - 2016-11-12 09:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-06 17:09 - 2016-11-11 12:08 - 00357960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-06 17:09 - 2016-11-06 17:09 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-11-06 10:46 - 2016-11-12 10:24 - 00000000 ____C C:\WINDOWS\system32\version.tmp
2016-10-13 21:55 - 2016-10-13 21:55 - 02468304 _____ (Logitech, Inc.) C:\WINDOWS\system32\LdaCx2.dll

FraserR

2016-11-12, 11:48

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-12 10:38 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-12 10:38 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-12 10:34 - 2013-05-06 17:06 - 00000000 ___DC C:\Users\Fraser Ross\AppData\Local\ElevatedDiagnostics
2016-11-12 10:33 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-12 10:31 - 2015-07-30 17:14 - 01129462 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-12 10:24 - 2013-05-05 17:06 - 00143248 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2016-11-12 10:23 - 2016-07-16 06:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-12 10:22 - 2013-05-05 17:05 - 00000000 ___DC C:\ProgramData\WRData
2016-11-12 10:21 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-12 08:40 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-12 08:40 - 2015-07-30 18:51 - 00001298 ____C C:\Users\Fraser Ross\Desktop\Internet Explorer.lnk
2016-11-12 08:39 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-12 08:39 - 2014-07-23 13:52 - 00000000 ___DC C:\Users\Fraser Ross\AppData\Local\Adobe
2016-11-12 08:15 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-12 08:08 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-11 20:17 - 2014-05-21 14:47 - 00192216 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-11 17:31 - 2015-09-04 13:44 - 00000214 ____C C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-11 13:19 - 2013-05-01 19:50 - 00000000 ___DC C:\Users\Fraser Ross\AppData\Roaming\CheckPoint
2016-11-11 12:42 - 2015-08-05 11:27 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-11 12:39 - 2013-08-22 15:36 - 00000000 __HDC C:\WINDOWS\system32\GroupPolicy
2016-11-11 12:39 - 2013-05-18 12:53 - 00000000 ___DC C:\Users\Fraser Ross\AppData\LocalLow\Temp
2016-11-11 12:31 - 2014-08-14 09:40 - 00000000 ___DC C:\Program Files (x86)\Java
2016-11-11 12:30 - 2014-10-18 07:40 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-11 12:15 - 2015-07-30 17:18 - 00000000 _RHDC C:\Users\Public\AccountPictures
2016-11-11 12:04 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-11 12:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-11 12:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-11 12:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-11 12:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-11 12:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-11 11:48 - 2013-07-18 11:11 - 00000000 ___DC C:\WINDOWS\system32\MRT
2016-11-11 11:36 - 2013-05-03 14:14 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-10 18:39 - 2014-02-26 12:16 - 00000000 __RDC C:\Users\Fraser Ross\Sync
2016-11-10 17:01 - 2013-12-01 10:46 - 00001074 ____C C:\Users\Fraser Ross\Desktop\CheckAll.BAT - Shortcut.lnk
2016-11-09 18:20 - 2013-12-06 12:22 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2016-11-08 18:02 - 2016-02-22 11:33 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-11-08 17:46 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-11-08 17:46 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-11-08 17:46 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-11-08 17:45 - 2016-07-16 14:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-11-08 17:45 - 2016-07-16 11:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\setup
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-08 17:45 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-08 17:45 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-11-08 17:45 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-11-08 16:42 - 2013-10-19 14:05 - 00000000 ___DC C:\ProgramData\Oracle
2016-11-08 16:37 - 2014-12-30 11:28 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-11-08 15:44 - 2013-07-15 16:09 - 00000000 ___DC C:\ProgramData\MFAData
2016-11-08 13:05 - 2016-07-16 11:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-11-08 11:02 - 2016-07-16 06:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2016-11-07 16:07 - 2015-07-30 17:37 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2016-11-07 10:32 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-11-07 01:07 - 2016-07-16 11:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-11-06 18:34 - 2013-06-01 15:15 - 00000000 ___DC C:\Users\Fraser Ross\AppData\Local\Packages
2016-11-06 18:11 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-11-06 18:11 - 2015-07-30 17:22 - 00002439 _____ C:\Users\Fraser Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-06 18:11 - 2015-07-30 17:22 - 00000000 __RDC C:\Users\Fraser Ross\OneDrive
2016-11-06 17:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-06 17:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Registration
2016-11-06 17:52 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-11-06 17:52 - 2015-10-30 07:24 - 00000000 ___DC C:\WINDOWS\system32\Tasks_Migrated
2016-11-06 17:50 - 2015-06-17 13:00 - 00000720 ____C C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3240783315-1213011343-4006949943-1000.job
2016-11-06 17:44 - 2013-06-01 15:02 - 00022840 ____C C:\WINDOWS\system32\emptyregdb.dat
2016-11-06 17:43 - 2016-07-16 11:47 - 00000000 __RSD C:\WINDOWS\Media
2016-11-06 17:42 - 2016-07-16 11:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-11-06 17:33 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-11-06 17:33 - 2016-07-16 08:13 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero RAD Studio 10.1 Berlin
2016-11-06 17:33 - 2016-06-03 10:42 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-11-06 17:33 - 2016-05-14 12:30 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Measurement
2016-11-06 17:33 - 2016-04-05 08:56 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 6.0
2016-11-06 17:33 - 2016-02-23 13:27 - 00000000 ___DC C:\WINDOWS\SysWOW64\PolicyDefinitions
2016-11-06 17:33 - 2016-02-23 13:27 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2016-11-06 17:33 - 2016-02-22 14:12 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
2016-11-06 17:33 - 2016-02-22 13:32 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Processor Identification Utility
2016-11-06 17:33 - 2016-02-22 12:32 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-11-06 17:33 - 2015-10-30 18:09 - 00000000 ___DC C:\WINDOWS\ShellNew
2016-11-06 17:33 - 2015-09-01 12:42 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-11-06 17:33 - 2015-08-12 11:01 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-11-06 17:33 - 2015-08-12 10:56 - 00000000 ___DC C:\WINDOWS\SysWOW64\1033
2016-11-06 17:33 - 2015-08-12 10:56 - 00000000 ___DC C:\WINDOWS\system32\1033
2016-11-06 17:33 - 2015-07-26 11:06 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft .NET Framework SDK v1.1
2016-11-06 17:33 - 2015-07-23 10:18 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2016-11-06 17:33 - 2015-07-22 13:57 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B-Link Wireless
2016-11-06 17:33 - 2015-07-08 12:58 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laplink PCmover Image Assistant
2016-11-06 17:33 - 2015-06-15 12:56 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
2016-11-06 17:33 - 2015-06-15 10:39 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager
2016-11-06 17:33 - 2015-06-03 16:46 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDE Information Utility
2016-11-06 17:33 - 2015-05-12 11:27 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Borland Developer Studio 2006
2016-11-06 17:33 - 2015-04-30 12:04 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-11-06 17:33 - 2015-04-15 14:54 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2016-11-06 17:33 - 2015-04-08 14:48 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-11-06 17:33 - 2014-12-30 11:49 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-11-06 17:33 - 2014-08-19 11:34 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE Outlook PST File Viewer
2016-11-06 17:33 - 2014-07-24 14:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartitionGuru
2016-11-06 17:33 - 2014-05-21 14:47 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-06 17:33 - 2014-03-26 17:09 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ File Recovery
2016-11-06 17:33 - 2013-11-28 18:00 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-06 17:33 - 2013-11-28 16:34 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-11-06 17:33 - 2013-08-25 17:50 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-11-06 17:33 - 2013-06-25 18:02 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ Partition Manager
2016-11-06 17:33 - 2013-06-24 17:19 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCoupe
2016-11-06 17:33 - 2013-06-15 13:45 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2016-11-06 17:33 - 2013-06-05 12:43 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerQuest Drive Image 2002
2016-11-06 17:33 - 2013-06-04 18:56 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
2016-11-06 17:33 - 2013-06-04 18:12 - 00000000 ___DC C:\Users\Fraser Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graph
2016-11-06 17:33 - 2013-05-09 11:12 - 00000000 ___DC C:\Users\Fraser Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldWave
2016-11-06 17:33 - 2013-05-09 11:02 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2016-11-06 17:33 - 2013-05-09 10:48 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compare It!
2016-11-06 17:33 - 2013-05-05 17:06 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2016-11-06 17:33 - 2013-05-02 13:31 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2016-11-06 17:31 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-06 17:31 - 2015-10-30 06:28 - 00000000 ___DC C:\Users\Default.migrated
2016-11-06 17:24 - 2016-07-16 14:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-11-06 17:24 - 2016-07-16 14:14 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-11-06 17:24 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-11-06 17:24 - 2013-05-03 19:45 - 00000000 ___DC C:\WINDOWS\SysWOW64\x64
2016-11-06 17:23 - 2016-07-16 14:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-11-06 17:23 - 2016-07-16 14:14 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-11-06 17:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-11-06 17:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-11-06 17:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-11-06 17:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-11-06 17:23 - 2015-07-22 13:56 - 00000000 ___DC C:\WINDOWS\system32\RaLanguages
2016-11-06 17:23 - 2013-08-22 15:36 - 00000000 ___DC C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-11-06 17:23 - 2013-08-22 15:36 - 00000000 ___DC C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-11-06 17:22 - 2016-07-16 14:15 - 00000000 ____D C:\WINDOWS\OCR
2016-11-06 17:22 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\System
2016-11-06 17:22 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\schemas
2016-11-06 17:22 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-11-06 17:22 - 2013-06-02 13:13 - 00000000 ___DC C:\WINDOWS\system32\appmgmt
2016-11-06 17:21 - 2016-07-19 15:44 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leckie and Leckie Success CDs
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\IME
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Help
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-11-06 17:21 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-11-06 17:21 - 2016-06-07 13:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cppcheck x64 1.74
2016-11-06 17:21 - 2016-05-14 12:06 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GLPCCamera
2016-11-06 17:21 - 2016-04-05 08:58 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-11-06 17:21 - 2016-02-22 13:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2016-11-06 17:21 - 2015-08-12 11:01 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-11-06 17:21 - 2014-03-11 19:09 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
2016-11-06 17:21 - 2013-11-12 09:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2016-11-06 17:21 - 2013-09-24 16:25 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2016-11-06 17:21 - 2013-06-04 18:12 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graph
2016-11-06 17:21 - 2013-05-09 18:10 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-11-06 17:21 - 2013-05-03 19:50 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-11-06 17:21 - 2011-04-12 08:28 - 00000000 __RDC C:\Users\Public\Recorded TV
2016-11-06 17:13 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-11-06 17:13 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-11-06 16:49 - 2013-04-27 22:19 - 00008192 _RSHC C:\BOOTSECT.BAK
2016-11-06 16:37 - 2015-06-17 13:00 - 00000624 ____C C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3240783315-1213011343-4006949943-1000.job
2016-11-06 12:49 - 2015-10-26 16:21 - 00000742 ____C C:\Users\Public\Desktop\CCleaner.lnk
2016-11-06 11:01 - 2016-05-01 15:43 - 00002457 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-06 10:51 - 2013-05-05 17:06 - 00184760 ____C (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2016-11-06 10:51 - 2013-05-05 17:06 - 00118384 ____C (Webroot) C:\WINDOWS\system32\WRusr.dll
2016-11-02 15:56 - 2013-04-27 22:19 - 00389408 __RSH C:\bootmgr
2016-10-28 23:56 - 2016-07-16 11:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 23:56 - 2016-07-16 11:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-13 21:55 - 2012-09-20 15:02 - 03942864 _____ (Logitech, Inc.) C:\WINDOWS\system32\LogiLDA.DLL

==================== Files in the root of some directories =======

2015-05-11 17:47 - 2015-05-11 17:47 - 0013030 ____C () C:\Users\Fraser Ross\AppData\Roaming\PDOXUSRS.NET
2013-06-14 12:16 - 2013-10-20 16:17 - 0241245 ____C () C:\Users\Fraser Ross\AppData\Roaming\Safer-Networking.log
2015-04-15 14:58 - 2015-04-15 14:58 - 0000000 ____C () C:\Users\Fraser Ross\AppData\Roaming\wklnhst.dat
2013-09-24 13:50 - 2013-11-03 11:10 - 0004608 ____C () C:\Users\Fraser Ross\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-12 10:45 - 2015-05-12 10:45 - 0000099 ____C () C:\Users\Fraser Ross\AppData\Local\fusioncache.dat
2013-05-04 14:44 - 2015-08-03 14:37 - 0007598 ____C () C:\Users\Fraser Ross\AppData\Local\resmon.resmoncfg
2016-11-06 17:12 - 2016-11-06 17:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-06 17:09

==================== End of FRST.txt ============================

FraserR

2016-11-12, 11:48

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Fraser Ross (12-11-2016 10:39:28)
Running from C:\Users\Fraser Ross\Desktop
Windows 10 Pro Version 1607 (X64) (2016-11-06 17:59:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3240783315-1213011343-4006949943-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3240783315-1213011343-4006949943-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-3240783315-1213011343-4006949943-503 - Limited - Disabled)
Fraser Ross (S-1-5-21-3240783315-1213011343-4006949943-1000 - Administrator - Enabled) => C:\Users\Fraser Ross
Guest (S-1-5-21-3240783315-1213011343-4006949943-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3240783315-1213011343-4006949943-1009 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Spybot - Search and Destroy (Enabled - Up to date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{F11B92AF-B753-455B-BD04-898A84863B0B}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Active@ File Recovery 12 (HKLM\...\{177608F6-F029-4301-B176-15BA7C605B73}_is1) (Version: 12 - LSoft Technologies Inc)
Active@ Partition Manager 5 (HKLM\...\{FE2483C5-A90C-401D-967F-023A9C3CAAAF}_is1) (Version: 5 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AOMEI Partition Assistant Standard Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Application Verifier x64 External Package (Version: 10.1.10586.212 - Microsoft) Hidden
AX88772C_772B_772A_772 Windows 8.x Drivers [v3.16.10.0] (HKLM-x32\...\InstallShield_{64D4DE98-8A33-4ED6-BF91-B52F6358B166}) (Version: 3.0.3.0 - ASIX Electronics Corporation)
AX88772C_772B_772A_772 Windows 8.x Drivers [v3.16.10.0] (x32 Version: 3.0.3.0 - ASIX Electronics Corporation) Hidden
BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version: - InterBase Installation Info (and BDE Information Utility))
BDE_ENT (x32 Version: 5.1.1 - Borland Software Corp.) Hidden
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
B-Link Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.26.0 - B-Link)
Borland Turbo C++ (HKLM-x32\...\{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}) (Version: 10.0.3 - Borland Software Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Compare It! (HKLM-x32\...\Compare It!_is1) (Version: 4.2 - Grig Software)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cppcheck x64 1.74 (HKLM\...\{C8F47281-B55C-4F6D-BBB2-F11C76482ABD}) (Version: 1.74 - The Cppcheck team)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Drive Image (x32 Version: 6.00.000 - PowerQuest) Hidden
Eassos PartitionGuru 4.7.2 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version: - Eassos Co., Ltd.)
Elevated Installer (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FREE Outlook PST File Viewer version 2.0 (HKLM-x32\...\{FC708B30-BA65-4091-B93C-A50A367B6448}_is1) (Version: 2.0 - www.freeviewer.org)
Garmin Express (HKLM-x32\...\{3ee9d193-ab0b-47f1-a31c-cce4678679ce}) (Version: 4.0.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
GL USB2.0 UVC Camera Device (HKLM-x32\...\{9897BBD8-013A-49F3-928E-866A59B6E00C}) (Version: 14.03.11.0 - GenesysLogic)
GoldWave v5.68 (HKLM-x32\...\GoldWave v5.68) (Version: 5.68 - GoldWave Inc.)
GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version: - Ivan Johansen)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
HWiNFO64 Version 5.02 (HKLM\...\HWiNFO64_is1) (Version: 5.02 - Martin Malík - REALiX)
Intel(R) Chipset Device Software (x32 Version: 10.0.26 - Intel(R) Corporation) Hidden
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Integrator Toolkit 5 (HKLM-x32\...\{E7597FFE-2C87-4939-89E6-38EF01C247DF}) (Version: 1.0.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) SMBus (HKLM\...\SMBus) (Version: - )
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intellisense Lang Pack Mobile Extension SDK 10.0.10586.0 (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 10.1.10586.212 - Microsoft) Hidden
Laplink PCmover Image Assistant (HKLM-x32\...\{880C0A42-B220-4136-AC91-A19A6C9B17B9}) (Version: 8.20.635 - Laplink Software, Inc.)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Measurement version 2.0 (HKLM-x32\...\{D694A790-B0B4-43A3-9482-2E7AC0B95C7C}_is1) (Version: 2.0 - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework SDK (English) 1.1 (HKLM-x32\...\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}) (Version: 1.1.4322 - Microsoft)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2015 for Windows Desktop - ENU (HKLM-x32\...\{cf9e81f7-4c03-403e-92b1-93d18aa8c3a4}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Windows 10 SDK Installer (HKLM-x32\...\Microsoft Windows 10 SDK Installer) (Version: 18.0 - Embarcadero Technologies Inc.)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-GB) (HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Mozilla Firefox 48.0.2 (x86 en-GB)) (Version: 48.0.2 - Mozilla)
Mozilla Thunderbird 45.3.0 (x86 en-GB) (HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Mozilla Thunderbird 45.3.0 (x86 en-GB)) (Version: 45.3.0 - Mozilla)
MSI Development Tools (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1053.0 - Passmark Software)
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
RAD Studio 10.1 Berlin version 18.0 (HKLM-x32\...\{F4A93EC9-7AD8-4874-853D-02C09A51B141}_is1) (Version: 18.0 - Embarcadero Technologies, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Registrar Registry Manager 8.00 (HKLM\...\RegistrarHome_is1) (Version: - Resplendence Software Projects Sp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
SDK Debuggers (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SimCoupe (HKLM-x32\...\SimCoupe) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
Standard Grade English Success Guide (HKLM-x32\...\{C726D498-724F-4F86-907D-278083340CC8}) (Version: 3.0.0.0 - 3MRT)
StartW8 1.2.111.0 (HKLM-x32\...\{2FA895E0-C8CF-4216-90AB-C2E21A62BCB1}) (Version: 1.2.111.0 - SODATSW spol. s r. o.)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
UltraSearch V2.0.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.0.3 - JAM Software)
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.13.62 - Webroot)
WinAppDeploy (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows SDK AddOn (HKLM-x32\...\{75C39BA6-1D02-4BEA-844F-0EA6C4B7FA1B}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WPT Redistributables (x32 Version: 10.1.10586.212 - Microsoft) Hidden
WPTx64 (x32 Version: 10.1.10586.212 - Microsoft) Hidden
XnView 2.39 (HKLM-x32\...\XnView_is1) (Version: 2.39 - Gougelet Pierre-e)
ZoneAlarm Antivirus (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.1.057.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Fraser Ross\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C4768E9-953E-470B-81D4-06316CE2FF31} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1FED9775-13FA-4DDC-8703-AAF8D49E67D7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2BDDB070-F020-49A5-9220-82D3129DFFD9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2CC84D94-3EE5-44A4-8647-B22D7F547F18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {346BF243-F675-478A-BDBD-3CFB38198A3A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {48595EC4-1D31-4A88-99B3-AB45CDD63EDD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {515A6BBD-898D-4C19-A593-4B849587BDD4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53959AED-D485-4CBB-ACC2-FEF27F5EE8A4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6CD94585-513A-469C-9329-02802BFDB211} - System32\Tasks\G2MUpdateTask-S-1-5-21-3240783315-1213011343-4006949943-1000 => C:\Users\Fraser Ross\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe [2016-11-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6EE898C9-D8A9-466F-9241-ED7E6FCAC876} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {727DBBF7-E3A0-4AE7-A257-B9A0A1536799} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {76150396-6FDD-45B9-9FAA-279A9BB9D189} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7617D5C2-B966-44C9-8E3A-1C529B076AA1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7B2D1CDD-9D4D-461C-8D89-240FE5D6A32E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {930F199B-1229-4FFB-B1C0-167A3C9F638B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {93D7E656-3CD3-4C3B-97A5-F4640A21D915} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {A75A5409-1266-4CCC-93CE-1514722F7CCF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BD8BCE79-B145-453A-98AB-33DE7536E50E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BFC18358-6B16-4810-899F-DF2DA5932BC8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C472FF2B-C064-46B1-B8F0-ED17BBBC28B8} - System32\Tasks\CCleanerSkipUAC => I:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {D09BFFB9-0840-46A4-AA20-8B126ABC634C} - System32\Tasks\{6DDCC59A-CD43-492C-AF13-CAAF0BD3C4DD} => pcalua.exe -a "F:\Program Files (x86)\Borland\BDS\4.0\Bin\bds.exe" -d "C:\Users\Fraser Ross\Desktop" -c -pCBuilder
Task: {DFA8DD62-74B1-4532-B046-965AEF719A75} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {E1F2A746-33F2-4467-9BC7-5782C90C121A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {ECD18769-71C6-4A06-819E-C2C99305EDC7} - System32\Tasks\G2MUploadTask-S-1-5-21-3240783315-1213011343-4006949943-1000 => C:\Users\Fraser Ross\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EF86434C-58BB-47B1-8E28-9E9F3C07AB7B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3240783315-1213011343-4006949943-1000.job => C:\Users\Fraser Ross\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3240783315-1213011343-4006949943-1000.job => C:\Users\Fraser Ross\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Fraser Ross\Desktop\CheckAll.BAT - Shortcut.lnk -> D:\CheckAll.BAT ()

ShortcutWithArgument: C:\Users\Fraser Ross\Desktop\Intel(R) Integrator Toolkit 5.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.intel.com/go/itk

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-11-08 17:34 - 2016-09-15 17:25 - 02681200 ____C () C:\WINDOWS\system32\CoreUIComponents.dll
2014-03-11 19:09 - 2011-03-15 14:18 - 00055920 _____ () C:\Program Files (x86)\VIA\RAID\vialogsv.exe
2016-11-08 17:34 - 2016-09-15 17:25 - 02681200 ____C () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-06 18:11 - 2016-11-06 18:11 - 00959168 ____C () C:\Users\Fraser Ross\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 02811008 _____ () I:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2016-11-08 17:34 - 2016-09-07 04:56 - 00134656 ____C () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-11 11:28 - 2016-11-02 10:30 - 00474112 ____C () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-11 11:28 - 2016-11-02 10:21 - 09760768 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-11 11:28 - 2016-11-02 10:15 - 01401856 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-11 11:27 - 2016-11-02 10:14 - 00757248 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-11 11:28 - 2016-11-02 10:16 - 02424320 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-11 11:28 - 2016-11-02 10:17 - 04853760 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-20 17:14 - 2015-11-20 17:14 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-11 19:09 - 2011-03-15 14:18 - 02378352 _____ () C:\Program Files (x86)\VIA\RAID\raid_tool.exe
2015-11-03 06:42 - 2015-11-03 06:42 - 00794920 _____ () I:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2016-11-07 16:07 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-11-07 16:07 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-11-07 16:07 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-11-07 16:07 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-11 19:09 - 2011-02-14 10:42 - 00200704 _____ () C:\Program Files (x86)\VIA\RAID\drvInterface.dll
2014-03-11 19:09 - 2011-02-14 10:53 - 00581632 ____R () C:\Program Files (x86)\VIA\RAID\language.dll
2015-09-04 12:59 - 2013-05-13 14:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () I:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7916 more sites.

IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\amazon.co.uk -> hxxps://www.amazon.co.uk
IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\flightradar24.com -> hxxp://www.flightradar24.com
IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\grc.com -> hxxps://www.grc.com
IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\mathhelpforum.com -> hxxp://mathhelpforum.com
IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\spybot.info -> hxxps://forums.spybot.info
IE trusted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\sqa.org.uk -> hxxp://www.sqa.org.uk
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\123simsen.com -> www.123simsen.com

There are 7917 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 05:26 - 2016-11-07 15:55 - 00457232 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15664 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ipTray.exe"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{DDE39860-F093-48C0-92AE-F20AE4E9293C}F:\program files (x86)\embarcadero\studio\18.0\bin\bds.exe] => (Allow) F:\program files (x86)\embarcadero\studio\18.0\bin\bds.exe
FirewallRules: [TCP Query User{94D7EFA7-7C30-41C0-A646-B034E18CCDE5}F:\program files (x86)\embarcadero\studio\18.0\bin\bds.exe] => (Allow) F:\program files (x86)\embarcadero\studio\18.0\bin\bds.exe
FirewallRules: [{69BB2A43-6432-4197-84BA-0A6D53CC67DF}] => (Allow) I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{71CE1664-5775-451E-BDEA-3165794CD998}] => (Allow) I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F48EC2A6-8641-4D65-A3E3-A7A94E9E38E6}] => (Allow) I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{60A08461-5E5D-49F6-899F-EAD93C58EAFC}] => (Allow) I:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{3A86F1FA-02AA-4954-ABDC-8DDD72BF183A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{03C4DB14-47F2-4AA8-B96A-36F2BE0BCB4B}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{621C3756-B648-4EAC-B040-F1C3D66B0419}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{3CEA4340-F82C-4FA2-B5A0-208369499C82}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{1FAE52D3-36E4-4407-8F26-3BD4DDE04367}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{EA787F38-A4F2-4A92-BEDE-1C9F8BC6553A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{C420BEAD-F384-4E95-9976-654B744379C0}] => (Allow) C:\Users\Fraser Ross\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E7665847-4365-41FB-83D8-BF2BE8F04754}] => (Allow) C:\Users\Fraser Ross\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{48433FEE-4B5F-48F7-842A-88546111B894}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{6E89B0E9-370B-4874-BF47-EA4184861981}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{6B77AE7A-446E-4455-8E21-9F3D59ED4FB7}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{4472BECD-C723-4EC9-95AD-753C9284F96D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{55EC2839-BFF4-43AA-8E21-D7CE37FDDABE}I:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) I:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{592C50DC-EF56-4866-A47D-B0A6E8B2B3AF}I:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) I:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [{F010CB94-478A-41C0-86E8-DE523D3C7DBD}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{9B722DDC-F588-4389-8930-25C4A0F98814}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{A8025628-85E1-486C-B4C8-4E2A4156EC7B}F:\program files (x86)\embarcadero\studio\16.0\bin\bds.exe] => (Allow) F:\program files (x86)\embarcadero\studio\16.0\bin\bds.exe
FirewallRules: [UDP Query User{1197FF32-6D62-42A7-B594-03FC86103457}F:\program files (x86)\embarcadero\studio\16.0\bin\bds.exe] => (Allow) F:\program files (x86)\embarcadero\studio\16.0\bin\bds.exe
FirewallRules: [{DCAECFA8-378C-4D3F-A3B6-B7F810C0956E}] => (Allow) I:\Program Files (x86)\Laplink\PCmover\pcmover.exe
FirewallRules: [{E5545D88-90F9-415F-A6B6-0E0540A5C18F}] => (Allow) C:\Program Files (x86)\B-Link\Common\RaUI.exe
FirewallRules: [{095D6308-9CDF-4AF0-BDDF-F2087E2861C4}] => (Allow) C:\Program Files (x86)\B-Link\Common\RaUI.exe
FirewallRules: [{121694BF-C97A-4903-9AE9-582983BD51EB}] => (Allow) C:\Program Files (x86)\B-Link\Common\ApUI.exe
FirewallRules: [{546BA8E0-B040-4D0F-9AC3-28345CCA57C4}] => (Allow) C:\Program Files (x86)\B-Link\Common\ApUI.exe
FirewallRules: [{0221E934-7552-4A09-BF77-CA179CF70C42}] => (Allow) I:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{02133C94-EF5E-403B-BAB4-1548E9DFEE0A}] => (Allow) I:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB22DF4B-2815-4A53-888E-0DBB3092AEE6}] => (Allow) C:\Program Files (x86)\B-Link\Common\RaMediaServer.exe
FirewallRules: [{93D7A67C-BFFC-4337-9FA4-80D1EA76C875}] => (Allow) C:\Program Files (x86)\B-Link\Common\RaMediaServer.exe
FirewallRules: [{F201ED2B-46DB-4B8A-B40E-50898AEC4B2B}] => (Allow) F:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\WDExpress.exe
FirewallRules: [{EFCA261C-2C31-4FB6-84BA-C3273561C64D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{AE64BBD5-3E5D-4910-BB61-27136B21B39F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2016 10:40:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2016 10:40:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2016 10:40:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2016 10:40:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2016 10:27:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2016 10:27:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2016 10:27:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2016 10:27:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2016 10:26:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FROSSDESKTOP)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/12/2016 10:16:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FROSSDESKTOP)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (11/12/2016 10:25:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StartW8Service service.

Error: (11/12/2016 10:25:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetTcpPortSharing service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/12/2016 10:25:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetTcpPortSharing service to connect.

Error: (11/12/2016 10:25:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/12/2016 10:25:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/12/2016 10:25:07 AM) (Source: RemoteAccess) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Protocol engine [IKEv2] failed to initialize. The request is not supported.

Error: (11/12/2016 10:25:07 AM) (Source: RemoteAccess) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Protocol engine [rasgreeng.dll] failed to initialize. The specified module could not be found.

Error: (11/12/2016 10:23:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StartW8Service service.

Error: (11/12/2016 10:14:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/12/2016 10:06:14 AM) (Source: DCOM) (EventID: 10001) (User: FROSSDESKTOP)
Description: Unable to start a DCOM Server: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca as Unavailable/Unavailable. The error:
"15616"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

CodeIntegrity:
===================================
Date: 2016-11-12 10:38:29.583
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-12 10:37:33.260
Description: Code Integrity determined that a process (\Device\HarddiskVolume11\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-12 10:29:45.802
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-12 10:04:20.831
Description: Code Integrity determined that a process (\Device\HarddiskVolume11\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-12 09:49:59.559
Description: Code Integrity determined that a process (\Device\HarddiskVolume11\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-12 09:38:41.979
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-12 09:35:47.568
Description: Code Integrity determined that a process (\Device\HarddiskVolume11\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-12 09:05:47.028
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-12 09:01:47.805
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-12 09:00:19.231
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume11\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G840 @ 2.80GHz
Percentage of memory in use: 30%
Total physical RAM: 8085 MB
Available physical RAM: 5645.01 MB
Total Virtual: 16277 MB
Available Virtual: 13843.2 MB

==================== Drives ================================

Drive c: (WINDOWS8PRO) (Fixed) (Total:74.53 GB) (Free:29.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (PERSONAL) (Fixed) (Total:19.08 GB) (Free:13.97 GB) NTFS
Drive e: (MS-DOS) (Fixed) (Total:0.27 GB) (Free:0.17 GB) FAT32
Drive f: (PROGRAMMING) (Fixed) (Total:56.91 GB) (Free:50.87 GB) NTFS
Drive g: (STORE) (Fixed) (Total:10.47 GB) (Free:5.69 GB) NTFS
Drive h: (SOFTWARE) (Fixed) (Total:58.6 GB) (Free:32.67 GB) NTFS
Drive i: (PROGRAM FILES) (Fixed) (Total:26.26 GB) (Free:21.06 GB) NTFS
Drive j: (BACKUP) (Fixed) (Total:53.36 GB) (Free:26.95 GB) NTFS
Drive w: (VIDEOS) (Fixed) (Total:40.78 GB) (Free:0.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 445FB159)
Partition 1: (Not Active) - (Size=40.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=83.2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 45FC08D3)
Partition 1: (Not Active) - (Size=26.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=206.6 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 0D061142)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

FraserR

2016-11-12, 14:52

The problem seems to be with TCP/IP. I have ran "netsh int ip reset" and it does not fully work.

Juliet

2016-11-12, 15:10

I would like to see if we can turn System restore back on, it's something we need to try first.
if thats the problem with not being able to create a restore point.

Please look at this link and attempt to turn on System Restore
http://www.thewindowsclub.com/system-restore-disabled-turn-on-system-restore-windows

~~~~~~~~~~~`

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SearchScopes: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000 -> DefaultScope {F2872BFE-A208-4FD9-B4AC-B57C0068ABC9} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-08] (Oracle Corporation)
ShortcutWithArgument: C:\Users\Fraser Ross\Desktop\Intel(R) Integrator Toolkit 5.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.intel.com/go/itk
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

FraserR

2016-11-12, 16:01

I have enables system restore.

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Fraser Ross (12-11-2016 14:48:48) Run:2
Running from C:\Users\Fraser Ross\Desktop
Loaded Profiles: Fraser Ross (Available Profiles: Fraser Ross)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SearchScopes: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000 -> DefaultScope {F2872BFE-A208-4FD9-B4AC-B57C0068ABC9} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-08] (Oracle Corporation)
ShortcutWithArgument: C:\Users\Fraser Ross\Desktop\Intel(R) Integrator Toolkit 5.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.intel.com/go/itk
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
C:\Users\Fraser Ross\Desktop\Intel(R) Integrator Toolkit 5.lnk => Shortcut argument removed successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8699177 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 25817 B
Edge => 0 B
Chrome => 0 B
Firefox => 5016567 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 12581716 B
NetworkService => 0 B
Fraser Ross => 32974617 B

RecycleBin => 0 B
EmptyTemp: => 56.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 14:51:32 ====

There was a blue screen crash after running this but it had finished and it rebooted.

Juliet

2016-11-12, 17:40

no idea why it would had a blue screen but, it appears all went as expected from the scripting.

Now, 2 tools I would like you to run, they are to check for policies maybe not seen and if anything rogue remains.

RogueKiller Scan

Please download RogueKiller (x32) (http://download.adlice.com/api?action=download&app=roguekiller&type=x86) / RogueKiller (x64) (http://download.adlice.com/api?action=download&app=roguekiller&type=x64) and save the file to your Desktop.
Close any running programmes.
Double-click RogueKillerx64.exe to run the programme.
Follow the prompts. If a browser window opens, close the window.
In the HOME tab, click Start Scan.
Upon completion, a browser window may open. Close this window.
Please do not have RogueKiller remove any detected items.
Click the HISTORY tab, followed by Scan Reports.
Double-click the scan log, and click Open TXT.
Copy the contents of the log and paste in your next reply.
Close RogueKiller.

~~~~

Please download Emsisoft Emergency Kit (http://dl.emsisoft.com/EmsisoftEmergencyKit.exe) and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

Leave all settings as they are and click the Extract button at the bottom.
A folder named EEK will be created in the root of the drive (usually c:\).

After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
Please click Yes so that it downloads the latest database updates.
When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
Click on Scan to be taken to the scan options.
If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
Click on the Malware Scan button to start the scan.
When the scan is completed click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop, and copy it to your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

FraserR

2016-11-12, 18:21

RogueKiller V12.8.0.0 (x64) [Nov 7 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Fraser Ross [Administrator]
Started from : C:\Users\Fraser Ross\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 11/12/2016 16:51:10 (Duration : 00:26:27)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 4 ¤¤¤
[PUM.Proxy][Firefox:Config] k0ntdoc1.default : user_pref("network.proxy.http", "localhost"); -> Found
[PUM.Proxy][Firefox:Config] k0ntdoc1.default : user_pref("network.proxy.http_port", 21320); -> Found
[PUM.HomePage][Firefox:Config] k0ntdoc1.default : user_pref("browser.startup.homepage", "https://en.wikipedia.org/wiki/Main_Page"); -> Found
[PUM.SearchEngine][Firefox:Config] k0ntdoc1.default : user_pref("browser.search.defaultenginename", "Search By ZoneAlarm"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HDT72252 5DLAT80 SCSI Disk Device +++++
--- User ---
[MBR] 4b9a7b993a245eb5e5eaeb9e77b8d7dc
[BSP] 3d2dd15a2486d782d44b8b87a3503d2d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 41761 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 85530060 | Size: 85180 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Hitachi HDT725025VLAT80 SCSI Disk Device +++++
--- User ---
[MBR] b368d479dc887a727b4ce2efa6cb7817
[BSP] 49e20588c89277073b91c1dc10491cf7 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 26889 MB [Windows Vista/7/8 Bootstrap | Unknown Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 55070820 | Size: 211582 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive2: SAMSUNG HD082GJ +++++
--- User ---
[MBR] 7cd7163cab844aa2c140428f3f6048ef
[BSP] e1c0400b3ddeeae7df3f49d8136bd071 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 76316 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

FraserR

2016-11-12, 18:47

Emsisoft Emergency Kit - Version 11.9
Last update: 12/11/2016 17:31:32
User account: FROSSDESKTOP\Fraser Ross
Computer name: FROSSDESKTOP
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 12/11/2016 17:33:51
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3240783315-1213011343-4006949943-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3240783315-1213011343-4006949943-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-3240783315-1213011343-4006949943-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-3240783315-1213011343-4006949943-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)

Scanned 79384
Found 14

Scan end: 12/11/2016 17:44:47
Scan time: 0:10:56

This has looked interesting. BTW your instructions for this need a bit of updating.

FraserR

2016-11-12, 20:47

I have fixed with those two tools but it has not fixed the problem. I still think there is a problem with TCP/IP.

Juliet

2016-11-12, 21:03

This has looked interesting. BTW your instructions for this need a bit of updating

hmmm, I'll check into that. They may have updated recently that throws instructions into an awkward dilemma.

OK, 2 things I suggest.

Let's reset IE and Firefox back to defaults

Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)

Proceed with the reset once done.

http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)

~~

Next

I would like for you to run the Eset scan again only this time, disable your security software first (No internet surfing, must be safe) so the changes can be done with out any interference.
And this time when running Eset, we will allow it to remove what it finds.

Please download Emsisoft Emergency Kit (http://dl.emsisoft.com/EmsisoftEmergencyKit.exe) and save it to your desktop.

If it has been deleted or closed out.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

Leave all settings as they are and click the Extract button at the bottom.
A folder named EEK will be created in the root of the drive (usually c:\).

After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
Please click Yes so that it downloads the latest database updates.
When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
Click on Scan to be taken to the scan options.
If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
Click on the Malware Scan button to start the scan.
When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop, and copy it to your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

And how is your computer now?

Juliet

2016-11-12, 21:14

I have fixed with those two tools but it has not fixed the problem. I still think there is a problem with TCP/IP.

First, disable security firewall

Type cmd in start search and press Ctrl-Shift-Enter. If you wish, just out of curiosity, you may type ipconfig and hit Enter, to view the status of the computer’s Internet Protocol or IP address.

Type ipconfig /release ( note space between g - / to let go of the current IP address.

Next, type ipconfig /renew ( note space between g - / to obtain a new IP address.

If you get an error message when you Run the “Ipconfig /Renew” command see https://support.microsoft.com/en-us/kb/810606

FraserR

2016-11-13, 10:37

I have reset the browsers and ran EEK. It found nothing this time. I have ran the ipconfig commands. I still can't access certain sites.

FraserR

2016-11-13, 13:32

I have found that changing permissions with certain registry values helps to reset TCP/IP. The keys are HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\26 I have three folders with value 26. The first two I have changed the permission to full control for everyone. The third one has many groups or user names. There are many keys with that one. I'll leave it as it is and reboot now.

FraserR

2016-11-13, 13:50

After using ipconfig /renew I get this message: An error occurred while renewing interface Ethernet : The name specified in the network control block (NCB) is in use on a remote adapter. The NCB is the data.

Juliet

2016-11-13, 14:10

Your learning the internals of an operating system, better then me. As a matter of fact, this is where I have to end.

Let me direct you to another help forum (I'm a member of too) with technicians who deal with these type issues.

Please register, copy and paste this link into the new topic, and give a quick description of the internet problem.

https://forums.whatthetech.com/index.php?showforum=123

FraserR

2016-11-13, 14:25

I will have to access that site through a proxy. Thanks for your help. I will start again tomorrow.

Juliet

2016-11-14, 11:12

Thank you for your patience.

FraserR

2016-11-14, 14:10

12739

I installed a wifi dongle and I briefly had sites working until this message from zone alarm came up.

Juliet

2016-11-14, 23:47

Might want to present that to your topic you opened at WTT.

My opinion is your firewall is causing problems,

FraserR

2016-11-15, 19:48

Juliet

2016-11-15, 21:53

I have uninstalled Zone Alarm 141. It did not seem to be compatible when I tried to reinstall it. I now have 150. I have disabled the LAN adapter then enabled it again and I am getting the difficult sites. I still can't update Spybot but I will uninstall it tomorrow and reinstall it.
You uninstalled it and replaced it with a different version and now you can access the sites previously blocked?

Did the worse of this happen after you upgraded the machine to Windows 10?

Juliet

2016-11-16, 12:35

try the below

If he has elevated Spybot's permissions to run as Administrator and still cannot download Spybot+AV updates he should open a support ticket so they can work with him.

The feedback from users experiencing this issue may help them move towards a solution:. https://www.safer-networking.org/support/ticket/technical/

FraserR

2016-11-16, 16:51

Juliet

2016-11-16, 16:58

I suspect the problem started when I tried to install the anniversary update. It did not install correctly and I ended up downloading a DVD image to install it recently. Zone Alarm is quite bad for updating and you can find there is a newer version you weren't aware of. I still have the Spybot updating problem.

If you only knew how many poor people have had problems with these windows 10 updates...it's been a near nightmare. They had no idea what was coming. (ducking from microsoft police now)

I've sent a private message to an administrator to see what can be done from here.

Juliet

2016-11-24, 12:52

Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.