help persistant malware, trojans, registry keys [Archive]

View Full Version : help persistant malware, trojans, registry keys

nakkan13

2018-07-08, 20:35

Hello,

Thank you for the help I am lost and sad.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by hometown (administrator) on DESKTOP-VTV5VMP (08-07-2018 10:26:18)
Running from C:\Users\hometown\Desktop
Loaded Profiles: hometown (Available Profiles: hometown)
Platform: Windows 10 Pro Version 1803 17134.137 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64gh4811.inf_amd64_f02d96a3e7a6ed57\IntelCpHDCPSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64gh4811.inf_amd64_f02d96a3e7a6ed57\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Windows\System32\SurfaceDTX.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.136_none_eb1580521d543895\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [SurfaceDTX.exe] => C:\Windows\System32\SurfaceDTX.exe [804744 2017-11-01] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4144944 2013-02-14] (ESET)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7111250b-1515-4e75-928c-6e3c5d4171a3}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
StartMenuInternet: IEXPLORE.EXE -

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: (ESET Endpoint Security Extension) - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2018-07-07] [Legacy] [not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-07] (Google Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\hometown\AppData\Local\Google\Chrome\User Data\Default [2018-07-08]
CHR Extension: (Slides) - C:\Users\hometown\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-07]
CHR Extension: (Docs) - C:\Users\hometown\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-07]
CHR Extension: (Google Drive) - C:\Users\hometown\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-07]
CHR Extension: (DuckDuckGo) - C:\Users\hometown\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-07-07]
CHR Extension: (YouTube) - C:\Users\hometown\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-07]
CHR Extension: (Sheets) - C:\Users\hometown\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-07]
CHR Extension: (Google Docs Offline) - C:\Users\hometown\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hometown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-07]
CHR Extension: (Gmail) - C:\Users\hometown\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\hometown\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [40888 2013-02-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1020304 2013-02-14] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190208 2013-02-14] (ESET)
S2 IntelAudioService; C:\Windows\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [161880 2017-10-03] (Intel)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 SurfaceDtxService; C:\Windows\system32\SurfaceDtxService.exe [91016 2017-11-01] (Microsoft Corporation)
S2 SurfaceUsbHubFwUpdateService; C:\Windows\System32\SurfaceUsbHubFwUpdateService.exe [942360 2016-12-06] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-06] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-06] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [217000 2013-02-04] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [183016 2013-04-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [153200 2013-02-04] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [141304 2013-02-04] (ESET)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmso.inf_amd64_b89aa41766002e30\nvlddmkm.sys [16925296 2017-10-31] (NVIDIA Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S3 SurfaceBaseIntegration; C:\Windows\System32\drivers\SurfaceBaseIntegration.sys [68144 2016-04-11] (Microsoft Corporation)
R0 SurfaceUsbHubFwUpdate; C:\Windows\System32\drivers\SurfaceUsbHubFwUpdate.sys [71448 2016-12-06] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46592 2018-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [340008 2018-07-06] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-08 10:26 - 2018-07-08 10:26 - 000011415 _____ C:\Users\hometown\Desktop\FRST.txt
2018-07-08 10:14 - 2018-07-08 10:26 - 000000000 ____D C:\FRST
2018-07-08 10:13 - 2018-07-08 10:13 - 002412544 _____ (Farbar) C:\Users\hometown\Desktop\FRST64.exe
2018-07-08 10:11 - 2018-07-08 10:11 - 000003788 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-07-08 10:11 - 2018-07-08 10:11 - 000002236 _____ C:\Users\hometown\Desktop\Tweaking.com - Windows Repair.lnk
2018-07-08 10:11 - 2018-07-08 10:11 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-VTV5VMP-Windows-10-Pro-(64-bit).dat
2018-07-08 10:11 - 2018-07-08 10:11 - 000000000 ____D C:\RegBackup
2018-07-08 10:11 - 2018-07-08 10:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-07-08 10:10 - 2018-07-08 10:11 - 000194350 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-07-08 10:10 - 2018-07-08 10:10 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-07-08 10:09 - 2018-07-08 10:10 - 037864128 _____ (Tweaking.com) C:\Users\hometown\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2018-07-08 09:58 - 2018-07-08 09:58 - 005198336 _____ (AVAST Software) C:\Users\hometown\Downloads\aswMBR.exe
2018-07-08 09:27 - 2018-07-06 23:33 - 000454646 ____R C:\Windows\system32\Drivers\etc\hosts.20180708-092727.backup
2018-07-08 06:16 - 2018-07-08 06:16 - 001790024 _____ (Malwarebytes) C:\Users\hometown\Downloads\JRT.exe
2018-07-08 06:13 - 2018-07-08 06:15 - 342053048 _____ C:\Users\hometown\Downloads\EmsisoftEmergencyKit.exe
2018-07-07 20:54 - 2018-07-07 20:55 - 037864128 _____ (Tweaking.com) C:\Users\hometown\Downloads\tweaking.com_windows_repair_aio_setup.exe
2018-07-07 20:39 - 2018-06-15 10:49 - 021388856 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-07 20:39 - 2018-06-14 22:12 - 007519992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-07-07 20:39 - 2018-06-14 22:03 - 006572000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-07 20:39 - 2018-06-14 21:53 - 025847808 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-07-07 20:39 - 2018-06-14 21:47 - 022714368 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-07 20:38 - 2018-06-15 10:55 - 002266016 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2018-07-07 20:38 - 2018-06-15 10:55 - 000542888 _____ C:\Windows\system32\FaceProcessorCore.dll
2018-07-07 20:38 - 2018-06-15 10:54 - 000541600 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-07-07 20:38 - 2018-06-15 10:53 - 000348256 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2018-07-07 20:38 - 2018-06-15 10:53 - 000094104 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2018-07-07 20:38 - 2018-06-15 10:50 - 001376576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-07-07 20:38 - 2018-06-15 10:48 - 002395056 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2018-07-07 20:38 - 2018-06-15 10:48 - 000338352 _____ (Microsoft Corporation) C:\Windows\system32\AudioSrvPolicyManager.dll
2018-07-07 20:38 - 2018-06-15 10:35 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2018-07-07 20:38 - 2018-06-15 10:34 - 008623616 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-07-07 20:38 - 2018-06-15 10:34 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\DsmUserTask.exe
2018-07-07 20:38 - 2018-06-15 10:34 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\perfnet.dll
2018-07-07 20:38 - 2018-06-15 10:33 - 012710400 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-07 20:38 - 2018-06-15 10:33 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
2018-07-07 20:38 - 2018-06-15 10:33 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManagerAPI.dll
2018-07-07 20:38 - 2018-06-15 10:33 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-07 20:38 - 2018-06-15 10:32 - 004708864 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2018-07-07 20:38 - 2018-06-15 10:32 - 000755712 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.PrinterCustomActions.dll
2018-07-07 20:38 - 2018-06-15 10:32 - 000406528 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CscUnpinTool.exe
2018-07-07 20:38 - 2018-06-15 10:32 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\AcLayers.dll
2018-07-07 20:38 - 2018-06-15 10:32 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2018-07-07 20:38 - 2018-06-15 10:31 - 002193920 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppAgent.dll
2018-07-07 20:38 - 2018-06-15 10:31 - 001787392 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2018-07-07 20:38 - 2018-06-15 10:31 - 001605632 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2018-07-07 20:38 - 2018-06-15 10:31 - 000907776 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2018-07-07 20:38 - 2018-06-15 10:31 - 000220672 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-07-07 20:38 - 2018-06-15 10:30 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2018-07-07 20:38 - 2018-06-15 10:30 - 001308672 _____ C:\Windows\system32\FaceProcessor.dll
2018-07-07 20:38 - 2018-06-15 10:30 - 001254400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2018-07-07 20:38 - 2018-06-15 10:30 - 001186816 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CommonBridge.dll
2018-07-07 20:38 - 2018-06-15 10:30 - 001127936 _____ (Microsoft Corporation) C:\Windows\system32\ApplySettingsTemplateCatalog.exe
2018-07-07 20:38 - 2018-06-15 10:30 - 001054720 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2018-07-07 20:38 - 2018-06-15 10:30 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2018-07-07 20:38 - 2018-06-15 10:30 - 000878592 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2018-07-07 20:38 - 2018-06-15 10:30 - 000615424 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2018-07-07 20:38 - 2018-06-15 10:30 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2018-07-07 20:38 - 2018-06-15 10:30 - 000391680 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-07 20:38 - 2018-06-15 10:30 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2018-07-07 20:38 - 2018-06-15 10:29 - 002084352 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-07-07 20:38 - 2018-06-15 10:29 - 002051072 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2018-07-07 20:38 - 2018-06-15 10:29 - 000932352 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2018-07-07 20:38 - 2018-06-15 10:29 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-07 20:38 - 2018-06-15 10:29 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2018-07-07 20:38 - 2018-06-15 10:29 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2018-07-07 20:38 - 2018-06-15 10:29 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSoftwareInstallationClient.dll
2018-07-07 20:38 - 2018-06-15 10:28 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2018-07-07 20:38 - 2018-06-15 10:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2018-07-07 20:38 - 2018-06-15 10:28 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2018-07-07 20:38 - 2018-06-15 10:03 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\UevAppMonitor.exe
2018-07-07 20:38 - 2018-06-15 10:00 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppCore.dll
2018-07-07 20:38 - 2018-06-15 08:57 - 001538976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2018-07-07 20:38 - 2018-06-15 08:25 - 020383720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-07-07 20:38 - 2018-06-15 08:22 - 001026896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-07-07 20:38 - 2018-06-15 08:16 - 002206528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2018-07-07 20:38 - 2018-06-15 08:07 - 011901952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-07-07 20:38 - 2018-06-15 08:06 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-07-07 20:38 - 2018-06-15 08:06 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfnet.dll
2018-07-07 20:38 - 2018-06-15 08:04 - 000851968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2018-07-07 20:38 - 2018-06-15 08:04 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcLayers.dll
2018-07-07 20:38 - 2018-06-15 08:04 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-07-07 20:38 - 2018-06-15 08:03 - 001308160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2018-07-07 20:38 - 2018-06-15 08:03 - 000831488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2018-07-07 20:38 - 2018-06-15 08:03 - 000667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-07-07 20:38 - 2018-06-15 08:03 - 000485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2018-07-07 20:38 - 2018-06-15 08:02 - 001452544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2018-07-07 20:38 - 2018-06-15 08:02 - 000775168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2018-07-07 20:38 - 2018-06-15 08:02 - 000704000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2018-07-07 20:38 - 2018-06-15 08:01 - 002015744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-07-07 20:38 - 2018-06-15 08:01 - 000228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2018-07-07 20:38 - 2018-06-15 08:01 - 000080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2018-07-07 20:38 - 2018-06-15 06:23 - 001008640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapture.dll
2018-07-07 20:38 - 2018-06-15 06:23 - 000788992 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
2018-07-07 20:38 - 2018-06-15 05:09 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-07 20:38 - 2018-06-15 00:11 - 000611232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2018-07-07 20:38 - 2018-06-15 00:10 - 000048544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2018-07-07 20:38 - 2018-06-15 00:03 - 000083360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-07-07 20:38 - 2018-06-14 22:24 - 000482472 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2018-07-07 20:38 - 2018-06-14 22:21 - 001213368 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2018-07-07 20:38 - 2018-06-14 22:21 - 000761440 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2018-07-07 20:38 - 2018-06-14 22:19 - 001034632 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-07-07 20:38 - 2018-06-14 22:19 - 000116632 _____ (Microsoft Corporation) C:\Windows\system32\DTUHandler.exe
2018-07-07 20:38 - 2018-06-14 22:19 - 000093600 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthProxyStub.dll
2018-07-07 20:38 - 2018-06-14 22:18 - 000272296 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-07-07 20:38 - 2018-06-14 22:18 - 000269248 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-07-07 20:38 - 2018-06-14 22:18 - 000228768 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthAgent.dll
2018-07-07 20:38 - 2018-06-14 22:16 - 000562080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2018-07-07 20:38 - 2018-06-14 22:16 - 000433560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-07-07 20:38 - 2018-06-14 22:15 - 002718624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-07 20:38 - 2018-06-14 22:15 - 002563960 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2018-07-07 20:38 - 2018-06-14 22:15 - 000753152 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2018-07-07 20:38 - 2018-06-14 22:13 - 000510904 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2018-07-07 20:38 - 2018-06-14 22:13 - 000324000 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-07-07 20:38 - 2018-06-14 22:12 - 001012640 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-07-07 20:38 - 2018-06-14 22:12 - 000661152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2018-07-07 20:38 - 2018-06-14 22:12 - 000491304 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-07-07 20:38 - 2018-06-14 22:12 - 000260896 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-07-07 20:38 - 2018-06-14 22:12 - 000118872 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2018-07-07 20:38 - 2018-06-14 22:11 - 006817872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2018-07-07 20:38 - 2018-06-14 22:11 - 001174424 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-07-07 20:38 - 2018-06-14 22:11 - 001018616 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-07 20:38 - 2018-06-14 22:11 - 000134560 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-07-07 20:38 - 2018-06-14 22:10 - 001934400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2018-07-07 20:38 - 2018-06-14 22:10 - 001097640 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2018-07-07 20:38 - 2018-06-14 22:10 - 000717208 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_StorageSense.dll
2018-07-07 20:38 - 2018-06-14 22:10 - 000567176 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2018-07-07 20:38 - 2018-06-14 22:10 - 000326024 _____ (Microsoft Corporation) C:\Windows\system32\ExecModelClient.dll
2018-07-07 20:38 - 2018-06-14 22:10 - 000170904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-07 20:38 - 2018-06-14 22:09 - 009147800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-07 20:38 - 2018-06-14 22:09 - 007436120 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-07-07 20:38 - 2018-06-14 22:09 - 002830240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-07-07 20:38 - 2018-06-14 22:09 - 002546592 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2018-07-07 20:38 - 2018-06-14 22:09 - 002422688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-07-07 20:38 - 2018-06-14 22:09 - 001945784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-07 20:38 - 2018-06-14 22:09 - 001798552 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2018-07-07 20:38 - 2018-06-14 22:09 - 001742272 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2018-07-07 20:38 - 2018-06-14 22:09 - 001659296 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2018-07-07 20:38 - 2018-06-14 22:09 - 001209800 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2018-07-07 20:38 - 2018-06-14 22:09 - 001112600 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2018-07-07 20:38 - 2018-06-14 22:09 - 000885848 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-07-07 20:38 - 2018-06-14 22:09 - 000709848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-07-07 20:38 - 2018-06-14 22:09 - 000594128 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2018-07-07 20:38 - 2018-06-14 22:09 - 000247984 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2018-07-07 20:38 - 2018-06-14 22:08 - 004403304 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 002753040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 002570712 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 002371392 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 002062488 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 001946752 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 001921944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2018-07-07 20:38 - 2018-06-14 22:08 - 001784584 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 001457128 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-07-07 20:38 - 2018-06-14 22:08 - 001288840 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 001258280 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-07-07 20:38 - 2018-06-14 22:08 - 001150408 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 001148800 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 001140568 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-07-07 20:38 - 2018-06-14 22:08 - 000983008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-07-07 20:38 - 2018-06-14 22:08 - 000945568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refsv1.sys
2018-07-07 20:38 - 2018-06-14 22:08 - 000898760 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 000642088 _____ (Microsoft Corporation) C:\Windows\system32\msvcp_win.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 000604576 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-07-07 20:38 - 2018-06-14 22:08 - 000500552 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 000413816 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2018-07-07 20:38 - 2018-06-14 22:08 - 000072768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WindowsTrustedRT.sys
2018-07-07 20:38 - 2018-06-14 22:07 - 001611584 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2018-07-07 20:38 - 2018-06-14 22:07 - 001145696 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2018-07-07 20:38 - 2018-06-14 22:05 - 000550608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-07-07 20:38 - 2018-06-14 22:05 - 000444240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2018-07-07 20:38 - 2018-06-14 22:04 - 002331576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2018-07-07 20:38 - 2018-06-14 22:04 - 001462824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2018-07-07 20:38 - 2018-06-14 22:04 - 001397192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2018-07-07 20:38 - 2018-06-14 22:04 - 001251736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-07-07 20:38 - 2018-06-14 22:04 - 000719552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-07-07 20:38 - 2018-06-14 22:04 - 000281080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExecModelClient.dll
2018-07-07 20:38 - 2018-06-14 22:04 - 000105376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 006528600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 006043600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 004788504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 002535032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 002242208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 002163184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 001981384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 001805752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 001710240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 001620872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 001559368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 001380192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 001175056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 001144120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 001129640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 001020160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 001011968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 000988128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 000770152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 000567144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 000472136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 000356960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2018-07-07 20:38 - 2018-06-14 22:03 - 000232488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2018-07-07 20:38 - 2018-06-14 22:03 - 000129192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-07-07 20:38 - 2018-06-14 21:56 - 022003712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-07-07 20:38 - 2018-06-14 21:50 - 019403264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-07-07 20:38 - 2018-06-14 21:49 - 002962944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-07-07 20:38 - 2018-06-14 21:48 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-07-07 20:38 - 2018-06-14 21:48 - 000311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Diagnostics.dll
2018-07-07 20:38 - 2018-06-14 21:47 - 001360384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2018-07-07 20:38 - 2018-06-14 21:47 - 000622080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsreg.dll
2018-07-07 20:38 - 2018-06-14 21:47 - 000515072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2018-07-07 20:38 - 2018-06-14 21:47 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2018-07-07 20:38 - 2018-06-14 21:46 - 005780992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-07-07 20:38 - 2018-06-14 21:46 - 004706816 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2018-07-07 20:38 - 2018-06-14 21:46 - 004371456 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-07-07 20:38 - 2018-06-14 21:46 - 004333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2018-07-07 20:38 - 2018-06-14 21:46 - 001356800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-07 20:38 - 2018-06-14 21:46 - 001295872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2018-07-07 20:38 - 2018-06-14 21:46 - 000593408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2018-07-07 20:38 - 2018-06-14 21:46 - 000584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.Input.dll
2018-07-07 20:38 - 2018-06-14 21:46 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-07-07 20:38 - 2018-06-14 21:46 - 000224768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2018-07-07 20:38 - 2018-06-14 21:46 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-07 20:38 - 2018-06-14 21:45 - 002548736 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe
2018-07-07 20:38 - 2018-06-14 21:45 - 000992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2018-07-07 20:38 - 2018-06-14 21:45 - 000871424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2018-07-07 20:38 - 2018-06-14 21:45 - 000835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-07-07 20:38 - 2018-06-14 21:45 - 000740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2018-07-07 20:38 - 2018-06-14 21:45 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-07-07 20:38 - 2018-06-14 21:45 - 000615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-07-07 20:38 - 2018-06-14 21:45 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-07-07 20:38 - 2018-06-14 21:45 - 000380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-07-07 20:38 - 2018-06-14 21:45 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\autopilot.dll
2018-07-07 20:38 - 2018-06-14 21:45 - 000019968 _____ (Microsoft Corporation) C:\Windows\system32\DTUHandlerPS.dll
2018-07-07 20:38 - 2018-06-14 21:44 - 001632256 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2018-07-07 20:38 - 2018-06-14 21:44 - 001342976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2018-07-07 20:38 - 2018-06-14 21:44 - 000873472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2018-07-07 20:38 - 2018-06-14 21:44 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xboxgip.sys
2018-07-07 20:38 - 2018-06-14 21:44 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-07-07 20:38 - 2018-06-14 21:44 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2018-07-07 20:38 - 2018-06-14 21:44 - 000135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2018-07-07 20:38 - 2018-06-14 21:44 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\updatecsp.dll
2018-07-07 20:38 - 2018-06-14 21:44 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
2018-07-07 20:38 - 2018-06-14 21:44 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cellulardatacapabilityhandler.dll
2018-07-07 20:38 - 2018-06-14 21:43 - 001626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-07-07 20:38 - 2018-06-14 21:43 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-07 20:38 - 2018-06-14 21:43 - 001110528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-07-07 20:38 - 2018-06-14 21:43 - 000675840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2018-07-07 20:38 - 2018-06-14 21:43 - 000426496 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2018-07-07 20:38 - 2018-06-14 21:43 - 000312832 _____ (Microsoft Corporation) C:\Windows\system32\DiagnosticLogCSP.dll
2018-07-07 20:38 - 2018-06-14 21:43 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\RdpRelayTransport.dll
2018-07-07 20:38 - 2018-06-14 21:43 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2018-07-07 20:38 - 2018-06-14 21:43 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2018-07-07 20:38 - 2018-06-14 21:43 - 000191488 _____ (Microsoft Corporation) C:\Windows\system32\VideoHandlers.dll
2018-07-07 20:38 - 2018-06-14 21:43 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2018-07-07 20:38 - 2018-06-14 21:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2018-07-07 20:38 - 2018-06-14 21:42 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-07-07 20:38 - 2018-06-14 21:42 - 002367488 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-07-07 20:38 - 2018-06-14 21:42 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2018-07-07 20:38 - 2018-06-14 21:42 - 000978432 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2018-07-07 20:38 - 2018-06-14 21:42 - 000558592 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2018-07-07 20:38 - 2018-06-14 21:42 - 000431104 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2018-07-07 20:38 - 2018-06-14 21:42 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2018-07-07 20:38 - 2018-06-14 21:42 - 000386048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Diagnostics.dll
2018-07-07 20:38 - 2018-06-14 21:42 - 000319488 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2018-07-07 20:38 - 2018-06-14 21:42 - 000273920 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2018-07-07 20:38 - 2018-06-14 21:42 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-07-07 20:38 - 2018-06-14 21:42 - 000216064 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2018-07-07 20:38 - 2018-06-14 21:42 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-07-07 20:38 - 2018-06-14 21:42 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 004561920 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 001768448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 001724928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 000953856 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2018-07-07 20:38 - 2018-06-14 21:41 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 000814592 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 000811520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.Input.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 000625152 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManager.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 000265728 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2018-07-07 20:38 - 2018-06-14 21:41 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2018-07-07 20:38 - 2018-06-14 21:40 - 007581696 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-07-07 20:38 - 2018-06-14 21:40 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2018-07-07 20:38 - 2018-06-14 21:40 - 001550848 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-07-07 20:38 - 2018-06-14 21:40 - 001487360 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2018-07-07 20:38 - 2018-06-14 21:40 - 000827392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2018-07-07 20:38 - 2018-06-14 21:40 - 000735744 _____ (Microsoft Corporation) C:\Windows\system32\dsreg.dll
2018-07-07 20:38 - 2018-06-14 21:40 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\smartscreenps.dll
2018-07-07 20:38 - 2018-06-14 21:39 - 002903040 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-07-07 20:38 - 2018-06-14 21:39 - 002583552 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-07-07 20:38 - 2018-06-14 21:39 - 002172416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-07-07 20:38 - 2018-06-14 21:39 - 001535488 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-07 20:38 - 2018-06-14 21:39 - 001303040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2018-07-07 20:38 - 2018-06-14 21:39 - 000916992 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-07-07 20:38 - 2018-06-14 21:39 - 000847360 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2018-07-07 20:38 - 2018-06-14 21:39 - 000684544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2018-07-07 20:38 - 2018-06-14 21:38 - 002236928 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-07-07 20:38 - 2018-06-14 21:38 - 001854976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-07-07 20:38 - 2018-06-14 21:38 - 001804288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-07 20:38 - 2018-06-14 21:38 - 001581568 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll
2018-07-07 20:38 - 2018-06-14 21:38 - 001305088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2018-07-07 20:38 - 2018-06-14 21:38 - 001070080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2018-07-07 20:38 - 2018-06-14 21:38 - 001036288 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2018-07-07 20:38 - 2018-06-14 21:38 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2018-07-07 20:38 - 2018-06-14 21:38 - 000910848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2018-07-07 20:38 - 2018-06-14 21:38 - 000596480 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-07-07 20:38 - 2018-06-14 21:38 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-07-07 20:38 - 2018-06-14 21:37 - 001374208 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2018-07-07 20:38 - 2018-06-14 21:37 - 001069056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2018-07-07 20:38 - 2018-06-14 21:37 - 000883712 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-07-07 20:38 - 2018-06-14 21:36 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2018-07-07 20:38 - 2018-06-14 20:23 - 000001310 _____ C:\Windows\system32\tcbres.wim
2018-07-07 20:38 - 2018-05-31 22:18 - 000058524 _____ C:\Windows\system32\srms.dat
2018-07-07 20:38 - 2018-05-20 04:53 - 000792984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2018-07-07 20:38 - 2018-05-20 04:52 - 000413080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-07-07 20:12 - 2018-07-07 20:12 - 000000000 ____D C:\Windows\Firmware
2018-07-07 18:25 - 2018-07-07 18:29 - 000000400 __RSH C:\ProgramData\ntuser.pol
2018-07-07 18:25 - 2018-07-07 18:25 - 001018424 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\hometown\Downloads\rufus-3.1.exe
2018-07-07 18:17 - 2018-07-07 18:20 - 703033344 _____ C:\Users\hometown\Downloads\rescue-system.iso
2018-07-07 16:08 - 2018-07-07 16:18 - 000000000 ____D C:\AdwCleaner
2018-07-07 16:08 - 2018-07-07 16:08 - 007395536 _____ (Malwarebytes) C:\Users\hometown\Downloads\AdwCleaner.exe
2018-07-07 11:45 - 2018-07-07 11:45 - 000000000 _____ C:\Users\hometown\Desktop\New Text Document.txt
2018-07-07 09:21 - 2018-07-07 09:21 - 000000000 ____D C:\Users\hometown\AppData\Local\PeerDistRepub
2018-07-07 03:44 - 2018-07-07 03:44 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-07 03:44 - 2018-07-07 03:44 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-07 03:43 - 2018-07-07 03:52 - 000000000 ____D C:\Users\hometown\AppData\Local\Google
2018-07-07 03:43 - 2018-07-07 03:44 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-07 03:43 - 2018-07-07 03:43 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-07 03:43 - 2018-07-07 03:43 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-07 02:28 - 2018-07-07 02:28 - 000000000 ____D C:\ProgramData\Packages
2018-07-07 02:12 - 2018-07-07 02:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-07-07 02:12 - 2018-07-07 02:12 - 000000000 ____D C:\ProgramData\ESET
2018-07-07 02:12 - 2018-07-07 02:12 - 000000000 ____D C:\Program Files\ESET
2018-07-07 02:11 - 2018-07-07 02:11 - 000000000 ____D C:\Windows\system32\Intel
2018-07-07 02:11 - 2018-07-07 02:11 - 000000000 ____D C:\Windows\system32\cAVS
2018-07-07 02:11 - 2018-07-07 02:11 - 000000000 ____D C:\Users\hometown\Desktop\estat av
2018-07-07 00:35 - 2018-07-07 00:35 - 000000000 ____D C:\Users\hometown\AppData\Local\ElevatedDiagnostics
2018-07-06 23:55 - 2018-07-06 23:55 - 000000000 ____D C:\Users\hometown\AppData\Local\ESET
2018-07-06 23:54 - 2018-07-06 23:54 - 000000000 ____D C:\Users\hometown\AppData\Local\NVIDIA Corporation
2018-07-06 23:33 - 2018-04-11 16:36 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20180706-233322.backup
2018-07-06 23:20 - 2018-07-06 23:21 - 000000000 ____D C:\Users\hometown\AppData\Local\CrashDumps
2018-07-06 23:20 - 2018-07-06 23:20 - 000000000 ____D C:\Users\hometown\AppData\Local\DBG
2018-07-06 23:13 - 2018-06-08 12:02 - 004527680 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2018-07-06 23:13 - 2018-06-08 11:43 - 002922496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2018-07-06 23:13 - 2018-06-08 03:31 - 007900984 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-07-06 23:13 - 2018-06-08 02:30 - 001017080 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2018-07-06 23:13 - 2018-06-08 02:12 - 000861616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2018-07-06 23:13 - 2018-06-08 01:59 - 004867072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-06 23:13 - 2018-05-20 09:59 - 023862784 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2018-07-06 23:13 - 2018-05-20 04:34 - 016592384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2018-07-06 23:13 - 2018-05-20 04:30 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-07-06 23:13 - 2018-05-20 04:26 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-07-06 23:13 - 2018-05-20 04:23 - 013873152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2018-07-06 23:13 - 2018-05-20 04:16 - 006661120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-07-06 23:13 - 2018-04-28 04:17 - 019525120 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2018-07-06 23:12 - 2018-06-08 12:07 - 000506184 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2018-07-06 23:12 - 2018-06-08 12:07 - 000183712 _____ (Microsoft Corporation) C:\Windows\system32\mavinject.exe
2018-07-06 23:12 - 2018-06-08 12:07 - 000040864 _____ (Microsoft Corporation) C:\Windows\system32\AppVClientPS.dll
2018-07-06 23:12 - 2018-06-08 12:07 - 000019872 _____ (Microsoft Corporation) C:\Windows\system32\AppVTerminator.dll
2018-07-06 23:12 - 2018-06-08 12:02 - 001634808 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2018-07-06 23:12 - 2018-06-08 12:02 - 000661160 _____ (Microsoft Corporation) C:\Windows\system32\GenValObj.exe
2018-07-06 23:12 - 2018-06-08 12:01 - 001046944 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2018-07-06 23:12 - 2018-06-08 11:47 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2018-07-06 23:12 - 2018-06-08 11:46 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2018-07-06 23:12 - 2018-06-08 11:45 - 004392448 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2018-07-06 23:12 - 2018-06-08 11:45 - 001560576 _____ (Microsoft Corporation) C:\Windows\system32\msdt.exe
2018-07-06 23:12 - 2018-06-08 11:45 - 000808960 _____ C:\Windows\system32\MBR2GPT.EXE
2018-07-06 23:12 - 2018-06-08 11:44 - 001121792 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2018-07-06 23:12 - 2018-06-08 11:44 - 000625152 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2018-07-06 23:12 - 2018-06-08 11:44 - 000340992 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2018-07-06 23:12 - 2018-06-08 11:44 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll
2018-07-06 23:12 - 2018-06-08 11:43 - 003640832 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2018-07-06 23:12 - 2018-06-08 11:43 - 001719808 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2018-07-06 23:12 - 2018-06-08 11:43 - 001659904 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2018-07-06 23:12 - 2018-06-08 11:43 - 001543680 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2018-07-06 23:12 - 2018-06-08 11:42 - 003999232 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2018-07-06 23:12 - 2018-06-08 11:42 - 003653120 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-07-06 23:12 - 2018-06-08 11:42 - 000800256 _____ (Microsoft Corporation) C:\Windows\system32\pwcreator.exe
2018-07-06 23:12 - 2018-06-08 11:42 - 000503296 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2018-07-06 23:12 - 2018-06-08 11:41 - 002019840 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2018-07-06 23:12 - 2018-06-08 11:41 - 001180672 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2018-07-06 23:12 - 2018-06-08 11:41 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2018-07-06 23:12 - 2018-06-08 11:41 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2018-07-06 23:12 - 2018-06-08 11:40 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\DXP.dll
2018-07-06 23:12 - 2018-06-08 10:07 - 000148896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mavinject.exe
2018-07-06 23:12 - 2018-06-08 10:04 - 001454024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-07-06 23:12 - 2018-06-08 09:58 - 000917408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2018-07-06 23:12 - 2018-06-08 09:50 - 001508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdt.exe
2018-07-06 23:12 - 2018-06-08 09:47 - 003492864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2018-07-06 23:12 - 2018-06-08 09:47 - 002895872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-07-06 23:12 - 2018-06-08 09:47 - 001462784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dui70.dll
2018-07-06 23:12 - 2018-06-08 09:47 - 001032704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2018-07-06 23:12 - 2018-06-08 09:47 - 000231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
2018-07-06 23:12 - 2018-06-08 09:46 - 003444224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2018-07-06 23:12 - 2018-06-08 09:46 - 000908288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2018-07-06 23:12 - 2018-06-08 09:45 - 002401280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2018-07-06 23:12 - 2018-06-08 09:06 - 000976384 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-07-06 23:12 - 2018-06-08 09:05 - 000944640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
2018-07-06 23:12 - 2018-06-08 07:00 - 000658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2018-07-06 23:12 - 2018-06-08 03:38 - 005821544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-07-06 23:12 - 2018-06-08 03:37 - 002417840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2018-07-06 23:12 - 2018-06-08 03:35 - 001613200 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2018-07-06 23:12 - 2018-06-08 03:35 - 000613144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2018-07-06 23:12 - 2018-06-08 03:34 - 001299056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2018-07-06 23:12 - 2018-06-08 03:34 - 000748512 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2018-07-06 23:12 - 2018-06-08 03:31 - 003180176 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2018-07-06 23:12 - 2018-06-08 03:31 - 000029600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\uefi.sys
2018-07-06 23:12 - 2018-06-08 03:30 - 000705440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-07-06 23:12 - 2018-06-08 02:31 - 000226720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ucx01000.sys
2018-07-06 23:12 - 2018-06-08 02:30 - 003296896 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-07-06 23:12 - 2018-06-08 02:30 - 001363632 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-07-06 23:12 - 2018-06-08 02:30 - 001063328 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2018-07-06 23:12 - 2018-06-08 02:30 - 000723360 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2018-07-06 23:12 - 2018-06-08 02:30 - 000722808 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-07-06 23:12 - 2018-06-08 02:30 - 000565152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2018-07-06 23:12 - 2018-06-08 02:30 - 000527264 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2018-07-06 23:12 - 2018-06-08 02:30 - 000194456 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2018-07-06 23:12 - 2018-06-08 02:30 - 000137568 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 004970360 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 003283408 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 002590400 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2018-07-06 23:12 - 2018-06-08 02:29 - 002462272 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 001792808 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 001364184 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 001190152 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 001026976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-07-06 23:12 - 2018-06-08 02:29 - 000678840 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 000659096 _____ (Microsoft Corporation) C:\Windows\system32\StateRepository.Core.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 000416144 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 000375712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-07-06 23:12 - 2018-06-08 02:29 - 000313592 _____ (Microsoft Corporation) C:\Windows\system32\mfsensorgroup.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 000266656 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 000164768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2018-07-06 23:12 - 2018-06-08 02:29 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\vertdll.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 000084288 _____ (Microsoft Corporation) C:\Windows\system32\LanguageOverlayUtil.dll
2018-07-06 23:12 - 2018-06-08 02:29 - 000057960 _____ (Microsoft Corporation) C:\Windows\system32\kernel.appcore.dll
2018-07-06 23:12 - 2018-06-08 02:12 - 000786176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-07-06 23:12 - 2018-06-08 02:10 - 002479272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-07-06 23:12 - 2018-06-08 02:10 - 002307336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2018-07-06 23:12 - 2018-06-08 02:10 - 001988072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-07-06 23:12 - 2018-06-08 02:10 - 000880152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2018-07-06 23:12 - 2018-06-08 02:10 - 000457152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2018-07-06 23:12 - 2018-06-08 02:10 - 000097176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-07-06 23:12 - 2018-06-08 02:09 - 004469832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2018-07-06 23:12 - 2018-06-08 02:09 - 002486992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2018-07-06 23:12 - 2018-06-08 02:09 - 001584128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2018-07-06 23:12 - 2018-06-08 02:09 - 001077504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-07-06 23:12 - 2018-06-08 02:09 - 000607648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2018-07-06 23:12 - 2018-06-08 02:09 - 000568720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll
2018-07-06 23:12 - 2018-06-08 02:09 - 000553248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2018-07-06 23:12 - 2018-06-08 02:09 - 000064648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LanguageOverlayUtil.dll
2018-07-06 23:12 - 2018-06-08 02:09 - 000050208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel.appcore.dll
2018-07-06 23:12 - 2018-06-08 02:03 - 000906752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-07-06 23:12 - 2018-06-08 02:03 - 000038400 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryCore.dll
2018-07-06 23:12 - 2018-06-08 02:03 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys
2018-07-06 23:12 - 2018-06-08 02:02 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2018-07-06 23:12 - 2018-06-08 02:02 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\edpnotify.exe
2018-07-06 23:12 - 2018-06-08 02:02 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerCookies.exe
2018-07-06 23:12 - 2018-06-08 02:01 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\browserexport.exe
2018-07-06 23:12 - 2018-06-08 02:01 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2018-07-06 23:12 - 2018-06-08 02:01 - 000294912 _____ (Microsoft Corporation) C:\Windows\system32\TDLMigration.dll
2018-07-06 23:12 - 2018-06-08 02:01 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerCsp.dll
2018-07-06 23:12 - 2018-06-08 02:01 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\tbauth.dll
2018-07-06 23:12 - 2018-06-08 02:01 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-07-06 23:12 - 2018-06-08 02:00 - 001285120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Maps.dll
2018-07-06 23:12 - 2018-06-08 02:00 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\credprovs.dll
2018-07-06 23:12 - 2018-06-08 02:00 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe
2018-07-06 23:12 - 2018-06-08 02:00 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2018-07-06 23:12 - 2018-06-08 02:00 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManagerClient.dll
2018-07-06 23:12 - 2018-06-08 02:00 - 000075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-06 23:12 - 2018-06-08 01:59 - 006032384 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2018-07-06 23:12 - 2018-06-08 01:59 - 001318400 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2018-07-06 23:12 - 2018-06-08 01:59 - 000983040 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2018-07-06 23:12 - 2018-06-08 01:59 - 000673792 _____ (Microsoft Corporation) C:\Windows\system32\FrameServer.dll
2018-07-06 23:12 - 2018-06-08 01:59 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2018-07-06 23:12 - 2018-06-08 01:59 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2018-07-06 23:12 - 2018-06-08 01:59 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryUpgrade.dll
2018-07-06 23:12 - 2018-06-08 01:59 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2018-07-06 23:12 - 2018-06-08 01:58 - 003712512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-07-06 23:12 - 2018-06-08 01:58 - 001676800 _____ (Microsoft Corporation) C:\Windows\system32\CoreShell.dll
2018-07-06 23:12 - 2018-06-08 01:58 - 000781824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2018-07-06 23:12 - 2018-06-08 01:58 - 000239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
2018-07-06 23:12 - 2018-06-08 01:58 - 000029184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerCookies.exe
2018-07-06 23:12 - 2018-06-08 01:57 - 003348992 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2018-07-06 23:12 - 2018-06-08 01:57 - 000483328 _____ (Microsoft Corporation) C:\Windows\system32\RTMediaFrame.dll
2018-07-06 23:12 - 2018-06-08 01:57 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-07-06 23:12 - 2018-06-08 01:57 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-07-06 23:12 - 2018-06-08 01:57 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-07-06 23:12 - 2018-06-08 01:57 - 000038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbauth.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 003293696 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 002364928 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 001395200 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 000916480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 000908800 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2018-07-06 23:12 - 2018-06-08 01:56 - 000871424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 000869376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 000858112 _____ (Microsoft Corporation) C:\Windows\system32\FlightSettings.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 000715776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 000389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 000264704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovs.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 003441152 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 002248192 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 002061824 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 001242112 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 001192448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 001171968 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 001160192 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 000932352 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 000849408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 000778752 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-07-06 23:12 - 2018-06-08 01:55 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 000652800 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 000630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-07-06 23:12 - 2018-06-08 01:55 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 002789376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 001586176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 001348096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 001128448 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 000999936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 000950272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 000857088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2018-07-06 23:12 - 2018-06-08 01:54 - 000842240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 000729088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FlightSettings.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 000646656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 000593408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RTMediaFrame.dll
2018-07-06 23:12 - 2018-06-08 01:54 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
2018-07-06 23:12 - 2018-06-08 01:53 - 001675264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2018-07-06 23:12 - 2018-06-08 01:53 - 001466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-07-06 23:12 - 2018-06-08 01:53 - 000677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-07-06 23:12 - 2018-06-08 01:53 - 000669696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-07-06 23:12 - 2018-06-08 01:53 - 000648192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-07-06 23:12 - 2018-06-08 01:53 - 000528384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2018-07-06 23:12 - 2018-06-06 11:57 - 003733320 _____ C:\Windows\system32\Windows.Mirage.dll
2018-07-06 23:12 - 2018-06-05 21:20 - 002841312 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
2018-07-06 23:12 - 2018-06-01 16:24 - 000713376 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2018-07-06 23:12 - 2018-06-01 15:54 - 001825792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2018-07-06 23:12 - 2018-05-24 20:24 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-07-06 23:12 - 2018-05-20 12:45 - 000308408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-06 23:12 - 2018-05-20 12:42 - 001649760 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2018-07-06 23:12 - 2018-05-20 12:42 - 000759192 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
2018-07-06 23:12 - 2018-05-20 12:26 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
2018-07-06 23:12 - 2018-05-20 12:23 - 004070400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-07-06 23:12 - 2018-05-20 12:23 - 000947712 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2018-07-06 23:12 - 2018-05-20 12:23 - 000899072 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2018-07-06 23:12 - 2018-05-20 12:22 - 001665024 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-07-06 23:12 - 2018-05-20 12:22 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2018-07-06 23:12 - 2018-05-20 12:22 - 000941056 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2018-07-06 23:12 - 2018-05-20 12:22 - 000804352 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2018-07-06 23:12 - 2018-05-20 11:20 - 000022936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hvsicontainerservice.dll
2018-07-06 23:12 - 2018-05-20 11:15 - 000653208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2018-07-06 23:12 - 2018-05-20 11:14 - 001490144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2018-07-06 23:12 - 2018-05-20 11:02 - 000461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll
2018-07-06 23:12 - 2018-05-20 11:00 - 000864768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2018-07-06 23:12 - 2018-05-20 10:59 - 000863232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2018-07-06 23:12 - 2018-05-20 10:59 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2018-07-06 23:12 - 2018-05-20 09:45 - 001271296 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2018-07-06 23:12 - 2018-05-20 09:35 - 000677376 _____ (Microsoft Corporation) C:\Windows\system32\HeadTrackerStorage.dll
2018-07-06 23:12 - 2018-05-20 09:34 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\HoloShellRuntime.dll
2018-07-06 23:12 - 2018-05-20 07:54 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HoloShellRuntime.dll
2018-07-06 23:12 - 2018-05-20 05:33 - 000105368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2018-07-06 23:12 - 2018-05-20 04:53 - 002178136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2018-07-06 23:12 - 2018-05-20 04:53 - 001017088 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
2018-07-06 23:12 - 2018-05-20 04:53 - 001012408 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2018-07-06 23:12 - 2018-05-20 04:53 - 000131232 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
2018-07-06 23:12 - 2018-05-20 04:53 - 000088472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2018-07-06 23:12 - 2018-05-20 04:52 - 000735560 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2018-07-06 23:12 - 2018-05-20 04:52 - 000347704 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-07-06 23:12 - 2018-05-20 04:52 - 000130456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
2018-07-06 23:12 - 2018-05-20 04:52 - 000089984 _____ (Microsoft Corporation) C:\Windows\system32\CompPkgSup.dll
2018-07-06 23:12 - 2018-05-20 04:34 - 000861096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
2018-07-06 23:12 - 2018-05-20 04:33 - 001665920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2018-07-06 23:12 - 2018-05-20 04:33 - 000101288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
2018-07-06 23:12 - 2018-05-20 04:32 - 001034096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2018-07-06 23:12 - 2018-05-20 04:32 - 000560488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2018-07-06 23:12 - 2018-05-20 04:32 - 000286200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-07-06 23:12 - 2018-05-20 04:32 - 000077040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CompPkgSup.dll
2018-07-06 23:12 - 2018-05-20 04:31 - 001456640 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2018-07-06 23:12 - 2018-05-20 04:28 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2018-07-06 23:12 - 2018-05-20 04:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\AppHostRegistrationVerifier.exe
2018-07-06 23:12 - 2018-05-20 04:28 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-07-06 23:12 - 2018-05-20 04:27 - 000344576 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2018-07-06 23:12 - 2018-05-20 04:27 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\ApiSetHost.AppExecutionAlias.dll
2018-07-06 23:12 - 2018-05-20 04:26 - 000356352 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2018-07-06 23:12 - 2018-05-20 04:26 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2018-07-06 23:12 - 2018-05-20 04:26 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-07-06 23:12 - 2018-05-20 04:26 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\TelephonyInteractiveUser.dll
2018-07-06 23:12 - 2018-05-20 04:26 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\MSHEIF.dll
2018-07-06 23:12 - 2018-05-20 04:25 - 000835584 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2018-07-06 23:12 - 2018-05-20 04:25 - 000384000 _____ (Microsoft Corporation) C:\Windows\system32\Phoneutil.dll
2018-07-06 23:12 - 2018-05-20 04:24 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-07-06 23:12 - 2018-05-20 04:24 - 000234496 _____ (Microsoft Corporation) C:\Windows\system32\DolbyMATEnc.dll
2018-07-06 23:12 - 2018-05-20 04:23 - 005951488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-07-06 23:12 - 2018-05-20 04:23 - 000933376 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2018-07-06 23:12 - 2018-05-20 04:21 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2018-07-06 23:12 - 2018-05-20 04:21 - 001210880 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2018-07-06 23:12 - 2018-05-20 04:21 - 000960512 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-07-06 23:12 - 2018-05-20 04:21 - 000783360 _____ (Microsoft Corporation) C:\Windows\system32\DolbyHrtfEnc.dll
2018-07-06 23:12 - 2018-05-20 04:17 - 002699776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-07-06 23:12 - 2018-05-20 04:16 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2018-07-06 23:12 - 2018-05-20 04:16 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-07-06 23:12 - 2018-05-20 04:16 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-07-06 23:12 - 2018-05-20 04:15 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2018-07-06 23:12 - 2018-05-20 04:15 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSHEIF.dll
2018-07-06 23:12 - 2018-05-20 04:14 - 000167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
2018-07-06 23:12 - 2018-05-20 04:13 - 004929024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-07-06 23:12 - 2018-05-20 04:13 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Phoneutil.dll
2018-07-06 23:12 - 2018-05-20 04:12 - 000860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2018-07-06 23:12 - 2018-05-20 04:11 - 001036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2018-07-06 23:12 - 2018-05-20 04:11 - 001005568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2018-07-06 23:12 - 2018-05-20 01:26 - 000018716 _____ C:\Windows\system32\srms-apr.dat
2018-07-06 23:12 - 2018-05-18 10:08 - 000018716 _____ C:\Windows\SysWOW64\srms-apr.dat
2018-07-06 23:12 - 2018-04-28 07:25 - 000652184 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2018-07-06 23:12 - 2018-04-28 07:24 - 000749976 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2018-07-06 23:12 - 2018-04-28 07:23 - 000826776 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2018-07-06 23:12 - 2018-04-28 07:23 - 000399768 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2018-07-06 23:12 - 2018-04-28 07:03 - 013570560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-07-06 23:12 - 2018-04-28 07:03 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-07-06 23:12 - 2018-04-28 07:03 - 000150528 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
2018-07-06 23:12 - 2018-04-28 07:01 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
2018-07-06 23:12 - 2018-04-28 07:00 - 000695296 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-07-06 23:12 - 2018-04-28 06:58 - 001855488 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-07-06 23:12 - 2018-04-28 06:18 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-07-06 23:12 - 2018-04-28 06:17 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-07-06 23:12 - 2018-04-28 06:14 - 000581120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-07-06 23:12 - 2018-04-28 06:13 - 001585664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-07-06 23:12 - 2018-04-28 06:12 - 001380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-07-06 23:12 - 2018-04-28 03:58 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Analog.dll
2018-07-06 23:12 - 2018-04-27 21:31 - 000473496 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2018-07-06 23:12 - 2018-04-27 21:29 - 001565592 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2018-07-06 23:12 - 2018-04-27 21:29 - 000788216 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-07-06 23:12 - 2018-04-27 21:29 - 000776880 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2018-07-06 23:12 - 2018-04-27 21:29 - 000494488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2018-07-06 23:12 - 2018-04-27 21:29 - 000382872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2018-07-06 23:12 - 2018-04-27 21:14 - 000434584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2018-07-06 23:12 - 2018-04-27 21:13 - 001426328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2018-07-06 23:12 - 2018-04-27 21:13 - 000665320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2018-07-06 23:12 - 2018-04-27 21:12 - 000606448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-07-06 23:12 - 2018-04-27 21:03 - 000585728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-07-06 23:12 - 2018-04-27 21:03 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-07-06 23:12 - 2018-04-27 21:03 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.th.dll
2018-07-06 23:12 - 2018-04-27 21:03 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win81.dll
2018-07-06 23:12 - 2018-04-27 21:02 - 000613376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-07-06 23:12 - 2018-04-27 21:02 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-07-06 23:12 - 2018-04-27 21:02 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-07-06 23:12 - 2018-04-27 21:02 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-07-06 23:12 - 2018-04-27 21:01 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-06 23:12 - 2018-04-27 21:00 - 000143360 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-06 23:12 - 2018-04-27 20:59 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\PerceptionSimulationExtensions.dll
2018-07-06 23:12 - 2018-04-27 20:58 - 003086336 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-07-06 23:12 - 2018-04-27 20:57 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-07-06 23:12 - 2018-04-27 20:55 - 001421312 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2018-07-06 23:12 - 2018-04-27 20:55 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-06 23:12 - 2018-04-27 20:54 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-07-06 23:12 - 2018-04-27 20:53 - 001235968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-07-06 23:12 - 2018-04-27 20:53 - 000117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-07-06 23:12 - 2018-04-27 20:51 - 000524800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-07-06 23:12 - 2018-04-27 19:43 - 001953280 _____ C:\Windows\system32\rdpnano.dll
2018-07-06 22:19 - 2018-07-06 22:19 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_SurfaceDTXDriver_02_00_00.Wdf
2018-07-06 22:19 - 2018-07-06 22:19 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SurfacePenDriver_01011.Wdf
2018-07-06 22:19 - 2018-07-06 22:19 - 000000000 ____D C:\Windows\system32\zh-sg
2018-07-06 22:19 - 2018-07-06 22:19 - 000000000 ____D C:\Windows\system32\en-sg
2018-07-06 22:19 - 2018-07-06 22:19 - 000000000 ____D C:\Windows\system32\en-au
2018-07-06 22:19 - 2018-07-06 22:19 - 000000000 ____D C:\Program Files\Intel
2018-07-06 22:19 - 2018-07-06 22:19 - 000000000 ____D C:\Program Files (x86)\Intel
2018-07-06 22:19 - 2018-07-06 22:19 - 000000000 ____D C:\Intel
2018-07-06 22:19 - 2018-07-06 22:19 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2018-07-06 22:18 - 2018-07-06 22:18 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-06 22:18 - 2018-07-06 22:18 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-06 22:18 - 2018-07-06 22:18 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-06 22:18 - 2018-07-06 22:18 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-06 22:18 - 2018-07-06 22:18 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-06 22:18 - 2018-07-06 22:18 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-07-06 22:18 - 2017-10-19 12:20 - 005960824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-07-06 22:18 - 2017-10-19 12:20 - 002587584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-07-06 22:18 - 2017-10-19 12:20 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-07-06 22:18 - 2017-10-19 12:20 - 000607352 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-07-06 22:18 - 2017-10-19 12:20 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-07-06 22:18 - 2017-10-19 12:20 - 000122816 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-07-06 22:18 - 2017-10-19 12:20 - 000082040 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-07-06 22:18 - 2017-10-12 20:11 - 007799931 _____ C:\Windows\system32\nvcoproc.bin
2018-07-06 22:18 - 2017-10-10 16:26 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-07-06 22:18 - 2017-09-13 16:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-07-06 22:18 - 2017-09-13 16:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-07-06 22:18 - 2017-09-13 16:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2018-07-06 22:18 - 2017-09-13 16:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2018-07-06 22:17 - 2018-07-08 09:14 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-06 22:17 - 2018-07-06 22:18 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-07-06 22:17 - 2018-07-06 22:18 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-07-06 22:17 - 2018-07-06 22:17 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-07-06 22:17 - 2017-10-19 12:41 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-07-06 22:17 - 2017-09-24 14:31 - 000140280 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-07-06 22:12 - 2018-07-06 22:15 - 000000000 ____D C:\Windows\system32\MRT
2018-07-06 22:12 - 2018-07-06 22:12 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-07-06 22:12 - 2018-07-06 22:12 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-07-06 22:09 - 2018-07-06 22:09 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-07-06 22:09 - 2018-07-06 22:09 - 000001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-07-06 22:09 - 2018-07-06 22:09 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-07-06 22:09 - 2018-07-06 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-07-06 22:09 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-07-06 22:08 - 2018-07-07 20:43 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-07-06 18:39 - 2018-07-06 18:39 - 000000000 ____D C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2018-07-06 18:39 - 2018-07-06 18:39 - 000000000 ____D C:\Program Files (x86)\SDHelper (Spybot - Search & Destroy)
2018-07-06 18:39 - 2018-07-06 18:39 - 000000000 ____D C:\Program Files (x86)\Misc. Support Library (Spybot - Search & Destroy)
2018-07-06 18:39 - 2018-07-06 18:39 - 000000000 ____D C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
2018-07-06 18:38 - 2018-07-06 18:07 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-07-06 18:28 - 2018-07-06 23:32 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-07-06 18:28 - 2018-07-06 22:06 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2018-07-06 18:08 - 2018-07-08 09:28 - 000000000 ___HD C:\Users\hometown\MicrosoftEdgeBackups
2018-07-06 18:08 - 2018-07-07 11:14 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-07-06 18:07 - 2018-07-06 18:27 - 000000000 ____D C:\ProgramData\RogueKiller
2018-07-06 18:07 - 2018-07-06 18:07 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-07-06 18:07 - 2018-07-06 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-07-06 18:07 - 2018-07-06 18:07 - 000000000 ____D C:\Program Files\RogueKiller
2018-07-06 16:17 - 2018-07-07 20:14 - 000000000 ____D C:\Users\hometown\AppData\Local\PlaceholderTileLogoFolder
2018-07-06 13:48 - 2018-07-06 14:07 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-07-06 06:04 - 2018-07-06 05:05 - 000000000 ____D C:\Windows\Panther
2018-07-06 05:26 - 2018-07-06 05:26 - 000000000 ____D C:\Users\hometown\AppData\Local\Comms
2018-07-06 05:11 - 2018-07-08 09:29 - 000000000 ____D C:\Users\hometown\AppData\Local\D3DSCache
2018-07-06 05:11 - 2018-07-07 02:38 - 000000000 ___RD C:\Users\hometown\OneDrive
2018-07-06 05:11 - 2018-07-06 05:11 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-07-06 05:10 - 2018-07-08 09:30 - 000793700 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-06 05:10 - 2018-07-07 00:32 - 000000000 ____D C:\Users\hometown\AppData\Local\MicrosoftEdge
2018-07-06 05:10 - 2018-07-06 05:10 - 000001417 _____ C:\Users\hometown\Desktop\Microsoft Edge.lnk
2018-07-06 05:09 - 2018-07-07 20:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-06 05:09 - 2018-07-07 20:43 - 000000000 ___RD C:\Users\hometown\3D Objects
2018-07-06 05:09 - 2018-07-07 20:12 - 000000000 ____D C:\Users\hometown\AppData\Local\Publishers
2018-07-06 05:09 - 2018-07-07 20:12 - 000000000 ____D C:\Users\hometown\AppData\Local\Packages
2018-07-06 05:09 - 2018-07-07 14:08 - 000000000 ____D C:\Users\hometown\AppData\Local\ConnectedDevicesPlatform
2018-07-06 05:09 - 2018-07-06 19:51 - 000000000 ____D C:\Users\hometown\AppData\Local\VirtualStore
2018-07-06 05:09 - 2018-07-06 18:08 - 000000000 ____D C:\Users\hometown
2018-07-06 05:09 - 2018-07-06 05:09 - 000000020 ___SH C:\Users\hometown\ntuser.ini
2018-07-06 05:09 - 2018-07-06 05:09 - 000000000 ____D C:\Users\hometown\AppData\Roaming\Adobe
2018-07-06 05:08 - 2018-07-06 05:08 - 000000000 ____D C:\Windows\CSC
2018-07-06 05:08 - 2018-07-06 05:08 - 000000000 ____D C:\ProgramData\USOShared
2018-07-06 05:08 - 2018-04-11 16:33 - 002752000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2018-07-06 05:06 - 2018-07-06 05:06 - 000000000 _SHDL C:\Documents and Settings
2018-07-06 05:04 - 2018-07-08 05:51 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-07-06 05:04 - 2018-07-07 20:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-06 05:04 - 2018-07-06 23:51 - 000233856 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-06 05:04 - 2018-07-06 22:20 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-07-06 05:04 - 2018-07-06 05:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-07-06 05:04 - 2018-07-06 05:04 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-08 09:30 - 2018-04-11 16:36 - 000000000 ____D C:\Windows\INF
2018-07-08 09:26 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\yo-NG
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\wo-SN
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ti-ET
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\rw-RW
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ig-NG
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\zu-ZA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\yo-NG
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\xh-ZA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\wo-SN
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\uz-Latn-UZ
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\tn-ZA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ti-ET
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\tg-Cyrl-TJ
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-RS
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-BA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\sd-Arab-PK
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\rw-RW
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\quc-Latn-GT
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\pa-Arab-PK
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\nso-ZA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ku-Arab-IQ
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ig-NG
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ha-Latn-NG
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\chr-CHER-US
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ca-ES-valencia
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\bs-Latn-BA
2018-07-07 20:43 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\az-Latn-AZ
2018-07-07 20:43 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2018-07-07 20:43 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-07 20:43 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\bcastdvr
2018-07-07 20:43 - 2018-04-11 14:04 - 000524288 _____ C:\Windows\system32\config\BBI
2018-07-07 20:40 - 2018-04-11 16:30 - 000000000 ____D C:\Windows\CbsTemp
2018-07-07 20:14 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\AppReadiness
2018-07-07 20:12 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-07 18:25 - 2018-04-11 16:38 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-07-07 18:25 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-07-07 12:30 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\LiveKernelReports
2018-07-07 03:43 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\appcompat
2018-07-06 23:51 - 2018-04-12 02:37 - 000000000 ____D C:\Windows\Containers
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ur-PK
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ug-CN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\tt-RU
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\tk-TM
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\te-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ta-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\sw-KE
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\sq-AL
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\si-LK
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\quz-PE
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\prs-AF
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\pa-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\or-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\nn-NO
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ne-NP
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\mt-MT
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\mr-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\mn-MN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ml-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\mk-MK
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\lo-LA
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\lb-LU
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ky-KG
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\kok-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\kn-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\km-KH
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ka-GE
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\is-IS
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\hy-AM
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\gu-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\gd-GB
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\ga-IE
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\fil-PH
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\fa-IR
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\cy-GB
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\bn-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\bn-BD
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\be-BY
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\as-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\am-ET
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\SysWOW64\af-ZA
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\vi-VN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ur-PK
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ug-CN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\tt-RU
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\tk-TM
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\te-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\sw-KE
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\sq-AL
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\quz-PE
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\prs-AF
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\pa-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\or-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\nn-NO
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ne-NP
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\mt-MT
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\mr-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\mn-MN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ml-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\mk-MK
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\mi-NZ
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\lo-LA
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\lb-LU
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ky-KG
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\kok-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\kn-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\km-KH
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\kk-KZ
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ka-GE
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\is-IS
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\id-ID
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\hy-AM
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\gu-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\gd-GB
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\ga-IE
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\fil-PH
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\fa-IR
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\cy-GB
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\bn-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\bn-BD
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\be-BY
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\as-IN
2018-07-06 23:51 - 2018-04-12 02:19 - 000000000 ____D C:\Windows\system32\af-ZA
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\TextInput
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\SysWOW64\setup
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\SysWOW64\oobe
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\ta-in
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\si-lk
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\setup
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\oobe
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\am-et
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\ShellExperiences
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\Provisioning
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-07-06 23:51 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-07-06 23:51 - 2018-04-11 14:04 - 000000000 ____D C:\Windows\system32\Dism
2018-07-06 22:20 - 2018-04-11 16:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-07-06 22:19 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\es-MX
2018-07-06 22:19 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\en-GB
2018-07-06 22:17 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\Help
2018-07-06 19:47 - 2018-04-11 16:38 - 000000076 _____ C:\Windows\win.ini
2018-07-06 06:04 - 2018-04-11 16:38 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-07-06 05:09 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-07-06 05:08 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\spool
2018-07-06 05:08 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-07-06 05:08 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-07-06 05:04 - 2018-04-11 16:38 - 000000000 ___RD C:\Windows\PrintDialog
2018-07-06 05:04 - 2018-04-11 14:04 - 000032768 _____ C:\Windows\system32\config\ELAM

Some files in TEMP:
====================
2018-07-06 23:21 - 2018-07-06 23:21 - 000437120 _____ (Sysinternals - www.sysinternals.com (http://www.sysinternals.com)) C:\Users\hometown\AppData\Local\Temp\BAP.exe
2018-07-06 18:07 - 2018-06-08 02:29 - 001946328 _____ (Microsoft Corporation) C:\Users\hometown\AppData\Local\Temp\dllnt_dump.dll
2018-07-06 23:20 - 2018-07-06 23:20 - 000592768 _____ (Sysinternals - www.sysinternals.com (http://www.sysinternals.com)) C:\Users\hometown\AppData\Local\Temp\EKLXTWJ.exe
2018-07-06 23:21 - 2018-07-06 23:21 - 000580480 _____ (Sysinternals - www.sysinternals.com (http://www.sysinternals.com)) C:\Users\hometown\AppData\Local\Temp\SEITI.exe
2018-07-06 23:20 - 2018-07-06 23:20 - 000494464 _____ (Sysinternals - www.sysinternals.com (http://www.sysinternals.com)) C:\Users\hometown\AppData\Local\Temp\VL.exe
2018-07-06 23:21 - 2018-07-06 23:21 - 000461696 _____ (Sysinternals - www.sysinternals.com (http://www.sysinternals.com)) C:\Users\hometown\AppData\Local\Temp\YBQJLPCWBJEEM.exe
2018-07-06 23:21 - 2018-07-06 23:21 - 000457600 _____ (Sysinternals - www.sysinternals.com (http://www.sysinternals.com)) C:\Users\hometown\AppData\Local\Temp\ZGMG.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-06 05:04

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by hometown (08-07-2018 10:26:42)
Running from C:\Users\hometown\Desktop
Windows 10 Pro Version 1803 17134.137 (X64) (2018-07-06 12:06:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2251815794-2661967540-3884843598-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2251815794-2661967540-3884843598-503 - Limited - Disabled)
Guest (S-1-5-21-2251815794-2661967540-3884843598-501 - Limited - Disabled)
hometown (S-1-5-21-2251815794-2661967540-3884843598-1001 - Administrator - Enabled) => C:\Users\hometown
WDAGUtilityAccount (S-1-5-21-2251815794-2661967540-3884843598-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 388.08 - NVIDIA Corporation) Hidden
ESET Endpoint Antivirus (HKLM\...\{3187B3B0-3620-4459-A983-4403FC481420}) (Version: 5.0.2214.4 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
NVIDIA Graphics Driver 388.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.08 - NVIDIA Corporation)
NVIDIA Update 29.1.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 29.1.0.0 - NVIDIA Corporation)
RogueKiller version 12.12.25.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.25.0 - Adlice Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.22 - Tweaking.com)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\hometown\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\hometown\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\hometown\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-02-14] (ESET)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-02-14] (ESET)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-19] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-02-14] (ESET)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019CE806-0B74-40ED-ADD1-BE273A3DF3AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-07] (Google Inc.)
Task: {07C89F96-897E-4E07-805C-8B5F92982B8E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {1D9DF227-07F6-4130-A594-438A37B571AD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {281A2E0B-9528-47D7-8BED-F225577B499E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {57362581-68DE-4AC5-896F-704CD50FB24E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {632BE4C5-384B-4425-9E20-48897F2194F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-07] (Google Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {7C5D6F45-4540-49C5-AC37-FBD2C7298932} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {9C59F3C3-831D-4EB8-93AF-405EBA2301FE} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {A7BC178E-570C-4378-9ED0-CFB4EBE51C87} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {C71348F5-0B6B-40C2-800F-17A705E8EF74} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {EEA0CED9-3B52-4D03-9492-66CB27B9E490} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-04-11 16:34 - 2018-04-11 16:34 - 000253440 _____ () C:\Windows\System32\HeatCore.dll
2018-07-06 22:18 - 2017-10-19 12:20 - 000133568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-06 23:12 - 2018-06-08 01:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-01 10:52 - 2017-11-01 10:52 - 000804744 _____ () C:\Windows\System32\SurfaceDTX.exe
2018-07-06 22:09 - 2018-02-05 16:57 - 000436016 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)

There are 7939 more sites.

IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)

There are 7939 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 16:38 - 2018-07-08 09:27 - 000454646 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info (http://www.123fporn.info)
127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com (http://www.123moviedownload.com)

There are 15605 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2251815794-2661967540-3884843598-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{35C00080-07FF-47BB-8747-520CB904D74A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2018 08:43:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelAudioService.exe, version: 1.0.46.0, time stamp: 0x59afa72c
Faulting module name: KERNELBASE.dll, version: 10.0.17134.137, time stamp: 0x7745a173
Exception code: 0xe0434352
Fault offset: 0x000000000003a388
Faulting process id: 0xdd4
Faulting application start time: 0x01d4166dd89f001f
Faulting application path: C:\Windows\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: cd7aa138-04b7-4344-a380-7c276128dcc6
Faulting package full name:
Faulting package-relative application ID:

Error: (07/07/2018 08:43:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IntelAudioService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.DllNotFoundException
at IntelAudioService.Logger.AudioServiceLogger.SetLogMessageDelegate(LoggerDelegate)
at IntelAudioService.Logger.AudioServiceLogger..ctor()
at IntelAudioService.Logger.AudioServiceLogger.get_Instance()
at IntelAudioService.AudioService..ctor()
at IntelAudioService.Program.Main()

Error: (07/07/2018 08:14:22 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-VTV5VMP$ via https://IFX-KeyId-40b8682b8d18450a2b06849d9b5cd96f4cddf4be.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/07/2018 08:14:20 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-VTV5VMP$ via https://IFX-KeyId-40b8682b8d18450a2b06849d9b5cd96f4cddf4be.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/07/2018 08:14:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelAudioService.exe, version: 1.0.46.0, time stamp: 0x59afa72c
Faulting module name: KERNELBASE.dll, version: 10.0.17134.112, time stamp: 0xf2b2cb6c
Exception code: 0xe0434352
Fault offset: 0x000000000003a388
Faulting process id: 0xea4
Faulting application start time: 0x01d41669bbb93939
Faulting application path: C:\Windows\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 7943ae0d-afe4-40c9-8103-2353cb6a9533
Faulting package full name:
Faulting package-relative application ID:

Error: (07/07/2018 08:14:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IntelAudioService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.DllNotFoundException
at IntelAudioService.Logger.AudioServiceLogger.SetLogMessageDelegate(LoggerDelegate)
at IntelAudioService.Logger.AudioServiceLogger..ctor()
at IntelAudioService.Logger.AudioServiceLogger.get_Instance()
at IntelAudioService.AudioService..ctor()
at IntelAudioService.Program.Main()

Error: (07/07/2018 08:09:31 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-VTV5VMP$ via https://IFX-KeyId-40b8682b8d18450a2b06849d9b5cd96f4cddf4be.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(15ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/07/2018 08:09:28 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-VTV5VMP$ via https://IFX-KeyId-40b8682b8d18450a2b06849d9b5cd96f4cddf4be.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

System errors:
=============
Error: (07/08/2018 10:23:42 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VTV5VMP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-VTV5VMP\hometown SID (S-1-5-21-2251815794-2661967540-3884843598-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/08/2018 09:27:43 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VTV5VMP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-VTV5VMP\hometown SID (S-1-5-21-2251815794-2661967540-3884843598-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/08/2018 09:26:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/08/2018 09:26:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/08/2018 09:26:02 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (07/07/2018 08:50:22 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VTV5VMP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-VTV5VMP\hometown SID (S-1-5-21-2251815794-2661967540-3884843598-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/07/2018 08:43:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/07/2018 08:43:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2018-07-06 19:58:52.993
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.643.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-07-06 17:58:47.774
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-07-06 17:58:47.773
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-07-06 17:58:47.773
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-07-06 17:58:47.678
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz
Percentage of memory in use: 21%
Total physical RAM: 16309.29 MB
Available physical RAM: 12804.39 MB
Total Virtual: 19253.29 MB
Available Virtual: 12886.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.34 GB) (Free:444.58 GB) NTFS

\\?\Volume{9e7df45b-cb0b-47d8-912e-9ef5e4e8a6dc}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS
\\?\Volume{432b50d5-0a2c-444f-b184-77bfde5d7507}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2018-07-08 11:03:07
-----------------------------
11:03:07.636 OS Version: Windows x64 6.2.9200
11:03:07.636 Number of processors: 4 586 0x4E03
11:03:07.636 ComputerName: DESKTOP-VTV5VMP UserName: hometown
11:03:07.904 Initialize success
11:03:07.920 VM: initialized successfully
11:03:07.920 VM: Intel CPU supported
11:03:11.984 VM: not used
11:03:42.722 AVAST engine defs: 17030301
11:03:48.939 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003a
11:03:48.939 Disk 0 Vendor: SAMSUNG_MZFLV512HCJH-000MV BXV75M0Q Size: 488386MB BusType: 17
11:03:48.954 Disk 0 MBR read successfully
11:03:48.954 Disk 0 MBR scan
11:03:48.970 Disk 0 unknown MBR code
11:03:48.970 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
11:03:48.970 Disk 0 scanning C:\Windows\system32\drivers
11:03:48.986 Service scanning
11:04:12.856 Modules scanning
11:04:13.122 AVAST engine scan C:\Windows
11:04:13.122 AVAST engine scan C:\Windows\system32
11:04:13.137 AVAST engine scan C:\Windows\system32\drivers
11:04:13.137 AVAST engine scan C:\Users\hometown
11:04:13.137 AVAST engine scan C:\ProgramData
11:04:13.153 Scan finished successfully
11:05:21.612 Disk 0 MBR has been saved successfully to "C:\Users\hometown\Desktop\MBR.dat"
11:05:21.628 The log file has been saved successfully to "C:\Users\hometown\Desktop\aswMBR.txt"

I tried to run this with the virtulization and it would crash I also could not run it with trace disk io calls.

I have tried malwarebyted, esat, spybot, tweaker.com and several others in my futile attempt to fix this problem. I am sure it is on my network and has spread to two other computers.

Juliet

2018-07-08, 23:10

We need to enable System Restore
Turn On System Restore in Windows 10
https://www.thewindowsclub.com/system-restore-disabled-turn-on-system-restore-windows

*******************************************
Highlight the entire content of the quote box below and select Copy.

Start::
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
2018-07-06 23:21 - 2018-07-06 23:21 - 000437120 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\BAP.exe
2018-07-06 18:07 - 2018-06-08 02:29 - 001946328 _____ (Microsoft Corporation) C:\Users\hometown\AppData\Local\Temp\dllnt_dump.dll
2018-07-06 23:20 - 2018-07-06 23:20 - 000592768 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\EKLXTWJ.exe
2018-07-06 23:21 - 2018-07-06 23:21 - 000580480 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\SEITI.exe
2018-07-06 23:20 - 2018-07-06 23:20 - 000494464 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\VL.exe
2018-07-06 23:21 - 2018-07-06 23:21 - 000461696 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\YBQJLPCWBJEEM.exe
2018-07-06 23:21 - 2018-07-06 23:21 - 000457600 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\ZGMG.exe
CustomCLSID: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\hometown\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\hometown\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\hometown\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
Emptytemp:
End::

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Follow the instructions in the thread below to run a scan with MBAR. Don't forget to update the database before launching the scan, and once launched, leave MBAR running and do not touch your computer until it is done scanning.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Once MBAR is done scanning, removing threats and rebooting your computer, go in its MBAR folder, and copy/paste the content of the mbar-log-TODAYS-DATE.txt log in your next reply.

*******************

When you downloaded AdwCleaner, did you allow it to remove what was found?
If AdwCleaner is still on the computer. Please search for and find
C:\AdwCleaner\Logs\AdwCleaner
Can you open and copy and paste the last log so I can see what was found?

When you downloaded Roguekiller did you allow it to remove what it found?
If RogueKiller is still on your computer, Open RogueKiller
Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply

~~~~~~~~~~~~~~~~~~~~~``

Please post
Fixlog.txt
MBAR log
AdwCleaner log
RogueKiller log

nakkan13

2018-07-09, 02:07

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by hometown (08-07-2018 16:31:36) Run:1
Running from C:\Users\hometown\Desktop
Loaded Profiles: hometown (Available Profiles: hometown)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
2018-07-06 23:21 - 2018-07-06 23:21 - 000437120 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\BAP.exe
2018-07-06 18:07 - 2018-06-08 02:29 - 001946328 _____ (Microsoft Corporation) C:\Users\hometown\AppData\Local\Temp\dllnt_dump.dll
2018-07-06 23:20 - 2018-07-06 23:20 - 000592768 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\EKLXTWJ.exe
2018-07-06 23:21 - 2018-07-06 23:21 - 000580480 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\SEITI.exe
2018-07-06 23:20 - 2018-07-06 23:20 - 000494464 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\VL.exe
2018-07-06 23:21 - 2018-07-06 23:21 - 000461696 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\YBQJLPCWBJEEM.exe
2018-07-06 23:21 - 2018-07-06 23:21 - 000457600 _____ (Sysinternals - www.sysinternals.com) C:\Users\hometown\AppData\Local\Temp\ZGMG.exe
CustomCLSID: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\hometown\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\hometown\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\hometown\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Users\hometown\AppData\Local\Temp\BAP.exe => moved successfully
C:\Users\hometown\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\hometown\AppData\Local\Temp\EKLXTWJ.exe => moved successfully
C:\Users\hometown\AppData\Local\Temp\SEITI.exe => moved successfully
C:\Users\hometown\AppData\Local\Temp\VL.exe => moved successfully
C:\Users\hometown\AppData\Local\Temp\YBQJLPCWBJEEM.exe => moved successfully
C:\Users\hometown\AppData\Local\Temp\ZGMG.exe => moved successfully
"HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removed successfully
"HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => removed successfully
"HKU\S-1-5-21-2251815794-2661967540-3884843598-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7" => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9464196 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 725820 B
Edge => 28277617 B
Chrome => 11794198 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 16224 B
LocalService => 0 B
NetworkService => 12196 B
NetworkService => 0 B
hometown => 205573559 B

RecycleBin => 0 B
EmptyTemp: => 250.3 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:31:53 ====

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
main: v2018.07.08.05
rootkit: v2018.07.08.05

Windows 10 x64 NTFS
Internet Explorer 11.112.17134.0
hometown :: DESKTOP-VTV5VMP [administrator]

7/8/2018 4:45:36 PM
mbar-log-2018-07-08 (16-45-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 175958
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

I thought I downloaded and followed the Malwarebytes correctly. But this only took 4 mins or so to run. Please let me know if I didn't do something properly.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.0
# -------------------------------
# Build: 06-26-2018
# Database: 2018-06-19.4
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-07-2018
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 1
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1280 octets] - [07/07/2018 16:09:19]
AdwCleaner[C00].txt - [1428 octets] - [07/07/2018 16:18:06]
AdwCleaner[S01].txt - [1365 octets] - [07/07/2018 16:21:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

this is the first attempt at RogueKiller.

RogueKiller V12.12.25.0 (x64) [Jul 2 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : hometown [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 07/06/2018 18:08:48 (Duration : 00:16:43)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZFLV512HCJH-000MV +++++
--- User ---
[MBR] 53ad2633df99101b40d836de8804a4b4
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 499 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1024000 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1228800 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1261568 | Size: 487770 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] fa77327c897c176e44bbb7b062032c39
[BSP] 1ae67499280aed26a8c5bb598dbda7c9 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 3520 | Size: 7453 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

This is the second attempt

RogueKiller V12.12.25.0 (x64) [Jul 2 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : hometown [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 07/07/2018 11:14:05 (Duration : 00:16:59)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZFLV512HCJH-000MV +++++
--- User ---
[MBR] 53ad2633df99101b40d836de8804a4b4
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 499 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1024000 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1228800 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1261568 | Size: 487770 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

Juliet

2018-07-09, 11:20

Your original statement

persistant malware, trojans, registry keys
is this continuing?

http://i.imgur.com/G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on http://i.imgur.com/G0tu5D9.pngstart emergency kit scanner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

created by Aura

nakkan13

2018-07-09, 13:33

There was nothing in quarantined by the program. My computer does seem to be running better but still concerned about it repropagating it self into my system. As long as the registry code shows up I think I will have some kind of an infection.

HKEY_USERS\S-1-5-21-2251815794-2661967540-3884843598-1001\

I am attaching SpyBot logs.

Search results from Spybot - Search & Destroy

7/9/2018 4:08:08 AM
Scan took 00:18:20.
7 items found.

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2251815794-2661967540-3884843598-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2251815794-2661967540-3884843598-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cache: [SBI $BCACHE00] Browser: Cache (1) (Browser: Cache, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

History: [SBI $BHISTORY] Browser: History (5) (Browser: History, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $BCOOKIES] Browser: Cookie (34) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cache: [SBI $BCACHE00] Browser: Cache (626) (Browser: Cache, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

History: [SBI $BHISTORY] Browser: History (106) (Browser: History, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

--- Spybot - Search & Destroy version: 2.7.64.131 DLL (build: 20180214) ---

2018-04-20 blindman.exe (2.7.64.152)
2018-04-20 explorer.exe (2.7.64.191)
2018-02-06 SDBootCD.exe (2.7.64.109)
2018-04-20 SDCleaner.exe (2.7.64.110)
2018-04-20 SDDelFile.exe (2.7.64.94)
2018-04-20 SDFiles.exe (2.7.64.137)
2018-04-20 SDFileScanHelper.exe (2.7.64.7)
2018-04-20 SDFSSvc.exe (2.7.64.219)
2018-04-20 SDHelp.exe (2.7.64.1)
2018-02-06 SDHookHelper.exe (2.7.64.2)
2018-02-06 SDHookInst32.exe (2.7.64.2)
2018-02-06 SDHookInst64.exe (2.7.64.2)
2018-04-20 SDImmunize.exe (2.7.64.133)
2018-04-20 SDLogReport.exe (2.7.64.107)
2018-04-20 SDOnAccess.exe (2.7.64.12)
2018-04-20 SDPESetup.exe (2.7.64.3)
2018-04-20 SDPEStart.exe (2.7.64.86)
2018-04-20 SDPhoneScan.exe (2.7.64.29)
2018-04-20 SDPRE.exe (2.7.64.22)
2018-02-06 SDPrepPos.exe (2.7.64.15)
2018-04-20 SDQuarantine.exe (2.7.64.103)
2018-02-06 SDRootAlyzer.exe (2.7.64.116)
2018-02-06 SDSBIEdit.exe (2.7.64.39)
2018-04-20 SDScan.exe (2.7.64.191)
2018-02-06 SDScript.exe (2.7.64.54)
2018-04-20 SDSettings.exe (2.7.64.139)
2018-04-20 SDShell.exe (2.7.64.2)
2018-02-06 SDShred.exe (2.7.64.108)
2018-02-06 SDSysRepair.exe (2.7.64.102)
2018-02-06 SDTools.exe (2.7.64.157)
2018-04-20 SDTray.exe (2.7.64.129)
2018-04-20 SDUpdate.exe (2.7.64.98)
2018-04-20 SDUpdSvc.exe (2.7.64.82)
2018-04-20 SDWelcome.exe (2.7.64.131)
2018-02-06 SDWSCSvc.exe (2.7.64.3)
2018-07-06 unins000.exe (51.1052.0.0)
2017-11-28 xcacls.exe
2017-11-28 borlndmm.dll (10.0.2288.42451)
2018-01-29 DelZip190.dll (1.9.0.119)
2018-01-29 DelZip192.dll (1.9.2.136)
2018-01-29 libeay32.dll (1.0.2.14)
2017-11-28 libssl32.dll (1.0.0.4)
2018-02-06 NotificationSpreader.dll (2.7.64.4)
2018-04-20 SDAdvancedCheckLibrary.dll (2.7.64.98)
2018-04-20 SDAV.dll (2.4.40.7)
2018-02-06 SDECon32.dll (2.7.64.114)
2018-03-23 SDECon64.dll (2.7.64.113)
2018-02-06 SDEvents.dll (2.7.64.2)
2018-04-20 SDFileScanLibrary.dll (2.7.64.24)
2018-02-06 SDHook32.dll (2.7.64.2)
2018-02-06 SDHook64.dll (2.7.64.2)
2018-04-20 SDImmunizeLibrary.dll (2.7.64.3)
2018-04-20 SDLicense.dll (2.7.64.3)
2018-04-20 SDLists.dll (2.7.64.8)
2018-02-06 SDResources.dll (2.7.64.7)
2018-04-20 SDScanLibrary.dll (2.7.64.131)
2018-04-20 SDTasks.dll (2.7.64.15)
2018-02-06 SDWinLogon.dll (2.7.64.0)
2018-01-29 sqlite3.dll (3.22.0.0)
2018-01-29 ssleay32.dll (1.0.2.14)
2018-02-06 Tools.dll (2.7.64.36)
2018-02-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2018-07-04 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2017-11-28 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2018-06-20 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2017-01-30 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2016-07-06 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2018-04-04 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2018-05-30 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2018-04-12 Includes\Malware-002.sbi (*)
2016-11-07 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2018-05-23 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2014-01-13 Includes\MalwareC.sbi (*)
2018-05-02 Includes\PUPS-000.sbi (*)
2018-05-02 Includes\PUPS-001.sbi (*)
2018-05-02 Includes\PUPS-002.sbi (*)
2018-05-02 Includes\PUPS-003.sbi (*)
2018-05-02 Includes\PUPS-004.sbi (*)
2018-07-04 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2017-09-27 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2018-06-20 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2017-06-28 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2017-10-25 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2017-12-01 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2018-06-21 Includes\Trojans-009.sbi (*)
2018-06-21 Includes\Trojans-010.sbi (*)
2018-07-04 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

[i] 18-07-09 04:09:57
[i] 18-07-09 04:09:57 Product MS Regedit
[+] 18-07-09 04:09:57 Moving into quarantine HKEY_USERS\S-1-5-21-2251815794-2661967540-3884843598-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
[+] 18-07-09 04:09:57 Successfully cleaned HKEY_USERS\S-1-5-21-2251815794-2661967540-3884843598-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
[i] 18-07-09 04:09:57
[i] 18-07-09 04:09:57 Product Windows Explorer
[+] 18-07-09 04:09:57 Moving into quarantine HKEY_USERS\S-1-5-21-2251815794-2661967540-3884843598-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+] 18-07-09 04:09:57 Successfully cleaned HKEY_USERS\S-1-5-21-2251815794-2661967540-3884843598-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i] 18-07-09 04:09:57
[i] 18-07-09 04:09:57 Product Cache
[+] 18-07-09 04:09:57 Moving into quarantine Internet Explorer (User) (hometown)Cache
[+] 18-07-09 04:09:57 Moving into quarantine Google Chrome (Default)Cache
[+] 18-07-09 04:09:58 Successfully cleaned Internet Explorer (User) (hometown)Cache
[+] 18-07-09 04:09:58 Successfully cleaned Google Chrome (Default)Cache
[i] 18-07-09 04:09:58
[i] 18-07-09 04:09:58 Product History
[+] 18-07-09 04:09:58 Moving into quarantine Internet Explorer (User) (hometown)History
[+] 18-07-09 04:09:58 Moving into quarantine Google Chrome (Default)History
[+] 18-07-09 04:09:58 Successfully cleaned Internet Explorer (User) (hometown)History
[+] 18-07-09 04:09:58 Successfully cleaned Google Chrome (Default)History
[i] 18-07-09 04:09:58
[i] 18-07-09 04:09:58 Product Cookie
[+] 18-07-09 04:09:58 Moving into quarantine Google Chrome (Default)Cookies
[+] 18-07-09 04:09:58 Successfully cleaned Google Chrome (Default)Cookies
[i] 18-07-09 04:09:58
[i] 18-07-09 04:09:58 Summary
[i] 18-07-09 04:09:58 Errors while cleaning 0
[i] 18-07-09 04:09:58 Files moved into quarantine 7
[i] 18-07-09 04:09:58 Files successfully cleaned 7

Juliet

2018-07-09, 13:58

This isn't malware but rather files showing you how you use your computer and the data it used and created. This is normal.

Browsers: Cookie :History : RecentDocuments used

browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.

https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Delete and manage cookies

Regedit normally remembers the last registry key location, so that next time you open it, it takes you straight to the last viewed registry key

CCleaner gets rid of the last registry key location

Clean Out Temp Files
This small application you may want to keep and use once a week to keep the computer clean.

Download CCleaner from here (http://www.bleepingcomputer.com/download/ccleaner/)
Run the installer to install the application.
When it gives you the option to install Yahoo toolbar uncheck the box next to it.
(make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
Click Run Cleaner.
Close CCleaner.

nakkan13

2018-07-09, 19:30

Do I need to clean the registry as well?

So I don't need to be concerned about this
HKEY_USERS\S-1-5-21-2251815794-2661967540-3884843598-1001\

Are there any other next steps to take?

Juliet

2018-07-09, 21:37

what you are seeing is called a Security Identifier (commonly abbreviated SID) is a unique, immutable identifier of a user, user group, or other security principal

We don't recommend registry cleaners.
No registry cleaner is completely safe since most do not even create a backup the potential is ever present to cause more problems than they claim to fix.
If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.
Our colleague miekiemoes has an excellent writeup here
http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

***********

I think we're ready to remove tools and quarantine folders.

DelFix

Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

**********************

nakkan13

2018-07-10, 06:12

Juliet

2018-07-10, 13:29

I will do that but this windows photo process has me concerned.

I am probably wrong but the security permissions don't make sense to me and was one of the first things I noticed after I removed the initial infection.
Please let me know your thoughts and I will then run delfix.
I also have one maybe two other computers that have some version of what ever I am infected with. Please let me know what I need to do to start work on those.

Thank you so much for your time and effort.
If your question is related to account-unknown, all is safe

https://www.tenforums.com/user-accounts-family-safety/65714-account-unknown-has-full-security-permissions-my-own-user-huh.html

You will see "Account Unknown" for an account that is not currently available. This could be from an account you deleted that had permissions, or from an account on another computer that is not connected."Account Unknown" is not an actual user account, but only a marker for an account that has either been deleted or not currently available/connected. It basically is saying that the long SID number is no longer associated with an account, thus "Account Unknown".

Removing "Account Unknown" from permissions will only affect the account it was for. If that account has been deleted, then there's nothing to worry about.
Either way, it's safe to remove any listed "Account Unknown" entries in permissions if you are sure it's for an account that will no longer need permissions for the item.

~~

For the Photo App, I'm seeing it has full permissions or is the App not working like it's designed to do?
What I've found researching are mostly errors related that the tool/app isn't working or it's throwing out errors?

In the below link are instructions on how to reset the Photos app
https://answers.microsoft.com/en-us/windows/forum/windows_10-performance/windows-10-microsoftphotosexe-stopped-responding/3233cb0b-891e-45a1-b0e6-bc09ad9973f6

The app might be corrupt.

If its the Photos app, try resetting it.
Open Start > Settings > Apps > Apps & features
Scroll down to Photos
Select it
Click Advanced options
Click Reset

Restart
Check the Store for updates

~~
If you have another computer you think might be infected we can check for that here, let me know how you want to move forward.

nakkan13

2018-07-11, 05:25

Awesome I will get back to you in the next day or two. Again thank you for your time and knowledge.

Juliet

2018-07-11, 12:16

Your welcome

nakkan13

2018-07-15, 07:33

I am going to post my fathers computer information here. Please let me know if I need to post a new thread. I don't have any great reason to think that his is infected but I noticed some things and thought it is better to be safe then sorry.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by tom work (administrator) on DESKTOP-RSNIP8M (14-07-2018 06:06:47)
Running from C:\Users\tom work\Desktop
Loaded Profiles: tom work (Available Profiles: defaultuser0 & tom work)
Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64gh4811.inf_amd64_f02d96a3e7a6ed57\IntelCpHDCPSvc.exe
() C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceUsbHubFwUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceDtxService.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64gh4811.inf_amd64_f02d96a3e7a6ed57\IntelCpHeciSvc.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
() C:\Windows\System32\SurfaceDTX.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceService.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [SurfaceDTX.exe] => C:\WINDOWS\System32\SurfaceDTX.exe [804744 2017-11-01] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4144944 2013-02-14] (ESET)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [SonicWALLNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1103744 2010-06-22] (SonicWALL Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3754168 2018-07-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-701103343-2950859752-96661517-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9013136 2018-06-27] (Binary Fortress Software)
HKU\S-1-5-21-701103343-2950859752-96661517-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{37756cbc-2cc6-4995-9664-108f6eac8636}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8ad18e8b-0d65-45f8-b17b-da9b4b859198}: [DhcpNameServer] 192.168.100.39

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-13] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: tomkalinski100@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: (ESET Endpoint Security Extension) - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2017-07-23] [Legacy] [not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\tom work\AppData\Local\Google\Chrome\User Data\Default [2018-07-14]
CHR Extension: (Slides) - C:\Users\tom work\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-21]
CHR Extension: (Docs) - C:\Users\tom work\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-21]
CHR Extension: (Google Drive) - C:\Users\tom work\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-21]
CHR Extension: (YouTube) - C:\Users\tom work\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-21]
CHR Extension: (Sheets) - C:\Users\tom work\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\tom work\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tom work\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Gmail) - C:\Users\tom work\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-21]
CHR Extension: (Chrome Media Router) - C:\Users\tom work\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-30] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-23] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51392 2018-07-12] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5598624 2018-06-27] (Binary Fortress Software)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [40888 2013-02-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1020304 2013-02-14] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190208 2013-02-14] (ESET)
R2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [161880 2017-10-03] (Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [931640 2012-01-05] (Trusteer Ltd.)
R2 SamsungCloudPrintSvc; C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe [966056 2017-02-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [498560 2010-06-22] (SonicWALL Inc.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SurfaceDtxService; C:\WINDOWS\system32\SurfaceDtxService.exe [91016 2017-11-01] (Microsoft Corporation)
R2 SurfaceUsbHubFwUpdateService; C:\WINDOWS\System32\SurfaceUsbHubFwUpdateService.exe [951056 2017-02-09] (Microsoft Corporation)
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-11] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [217000 2013-02-04] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [183016 2013-04-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [153200 2013-02-04] (ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [141304 2013-02-04] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
R3 iactrllogic; C:\WINDOWS\System32\drivers\iactrllogic64.sys [191880 2017-10-11] (Intel(R) Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-07-03] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-07-14] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-07-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-14] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-07-14] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmso.inf_amd64_b89aa41766002e30\nvlddmkm.sys [16925296 2017-10-31] (NVIDIA Corporation)
S1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2017-07-23] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2012-01-05] (Trusteer Ltd.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [63760 2012-01-05] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2012-01-05] (Trusteer Ltd.)
S3 SurfaceBaseIntegration; C:\WINDOWS\System32\drivers\SurfaceBaseIntegration.sys [59448 2015-09-23] (Microsoft Corporation)
R0 SurfaceUsbHubFwUpdate; C:\WINDOWS\System32\drivers\SurfaceUsbHubFwUpdate.sys [80144 2017-02-09] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-14 06:06 - 2018-07-14 06:07 - 000017635 _____ C:\Users\tom work\Desktop\FRST.txt
2018-07-14 06:06 - 2018-07-14 06:06 - 000000000 ____D C:\FRST
2018-07-14 06:05 - 2018-07-14 06:05 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-RSNIP8M-Windows-10-Pro-(64-bit).dat
2018-07-14 06:05 - 2018-07-14 06:05 - 000000000 ____D C:\RegBackup
2018-07-14 06:04 - 2018-07-14 06:04 - 000003788 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-07-14 06:04 - 2018-07-14 06:04 - 000002238 _____ C:\Users\tom work\Desktop\Tweaking.com - Windows Repair.lnk
2018-07-14 06:04 - 2018-07-14 06:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-07-14 06:04 - 2018-07-14 06:04 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-07-14 06:03 - 2018-07-14 06:04 - 000194348 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-07-14 05:46 - 2018-07-14 05:47 - 005198336 _____ (AVAST Software) C:\Users\tom work\Desktop\aswMBR.exe
2018-07-14 05:36 - 2018-07-14 05:36 - 002412544 _____ (Farbar) C:\Users\tom work\Desktop\FRST64.exe
2018-07-14 05:34 - 2018-07-14 05:34 - 038186512 _____ (Tweaking.com) C:\Users\tom work\Desktop\tweaking.com_windows_repair_aio_setup.exe
2018-07-14 01:55 - 2018-07-14 03:33 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-07-14 01:55 - 2018-07-14 02:26 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-07-14 01:55 - 2018-07-14 01:55 - 000001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-07-14 01:55 - 2018-07-14 01:55 - 000001454 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-07-14 01:55 - 2018-07-14 01:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-07-14 01:55 - 2018-07-14 01:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-07-14 01:55 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2018-07-14 01:53 - 2018-07-14 01:53 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\tom work\Downloads\spybotsd-2.7.64.0.exe
2018-07-13 14:32 - 2018-07-13 14:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-13 14:32 - 2018-07-13 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-13 13:26 - 2018-07-13 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-12 20:01 - 2018-07-12 20:01 - 000051392 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-07-12 20:01 - 2018-07-12 20:01 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-07-12 20:01 - 2018-07-12 20:01 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-07-12 20:01 - 2018-07-12 20:01 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-07-11 13:41 - 2018-07-11 13:41 - 001171034 _____ C:\Users\tom work\Downloads\LDSHARP1F2@GuarantyBankCo.com_20180711_094938.pdf
2018-07-11 13:41 - 2018-07-11 13:41 - 001171034 _____ C:\Users\tom work\Downloads\LDSHARP1F2@GuarantyBankCo.com_20180711_094938 (1).pdf
2018-07-11 11:51 - 2018-07-11 11:51 - 000000000 ____D C:\ProgramData\Packages
2018-07-11 11:50 - 2018-07-11 11:50 - 033439584 _____ (Microsoft) C:\Users\tom work\Downloads\SurfaceDiagnosticToolkit_SA.exe
2018-07-11 11:45 - 2018-07-11 11:45 - 035282944 _____ C:\Users\tom work\Downloads\Surface_Dock_Updater_v2.12.136.0.msi
2018-07-11 10:45 - 2018-07-11 10:45 - 000299917 _____ C:\Users\tom work\Downloads\FedEx Label.pdf
2018-07-11 10:44 - 2018-07-11 10:44 - 003258690 _____ C:\Users\tom work\Downloads\Loan Documents.pdf
2018-07-10 12:48 - 2018-07-12 15:16 - 000000000 ____D C:\Users\tom work\Desktop\LOANS
2018-07-10 11:28 - 2018-07-06 08:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-10 11:28 - 2018-07-06 08:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-10 11:28 - 2018-07-06 08:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-10 11:28 - 2018-07-06 08:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-10 11:28 - 2018-07-06 08:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-10 11:28 - 2018-07-06 08:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-10 11:28 - 2018-07-06 08:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-10 11:28 - 2018-07-06 08:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-10 11:28 - 2018-07-06 08:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-10 11:28 - 2018-07-06 08:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-10 11:28 - 2018-07-06 08:15 - 002266520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-07-10 11:28 - 2018-07-06 08:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-10 11:28 - 2018-07-06 07:56 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-10 11:28 - 2018-07-06 07:53 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2018-07-10 11:28 - 2018-07-06 07:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-10 11:28 - 2018-07-06 07:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-10 11:28 - 2018-07-06 07:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-10 11:28 - 2018-07-06 07:52 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-10 11:28 - 2018-07-06 07:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-10 11:28 - 2018-07-06 07:51 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-10 11:28 - 2018-07-06 07:51 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-10 11:28 - 2018-07-06 07:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-10 11:28 - 2018-07-06 07:51 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-10 11:28 - 2018-07-06 07:51 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-10 11:28 - 2018-07-06 07:50 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-10 11:28 - 2018-07-06 07:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-10 11:28 - 2018-07-06 06:12 - 001539000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-07-10 11:28 - 2018-07-06 06:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-10 11:28 - 2018-07-06 05:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-10 11:28 - 2018-07-06 05:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-10 11:28 - 2018-07-06 05:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-10 11:28 - 2018-07-06 05:53 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2018-07-10 11:28 - 2018-07-06 05:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-10 11:28 - 2018-07-06 05:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-10 11:28 - 2018-07-06 05:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-10 11:28 - 2018-07-06 05:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-10 11:28 - 2018-07-06 05:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-10 11:28 - 2018-07-06 05:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-10 11:28 - 2018-07-06 05:26 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-10 11:28 - 2018-07-06 05:25 - 023863296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-10 11:28 - 2018-07-06 05:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-10 11:28 - 2018-07-06 01:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-10 11:28 - 2018-07-06 01:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-10 11:28 - 2018-07-06 01:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-10 11:28 - 2018-07-06 01:29 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-10 11:28 - 2018-07-06 01:29 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-10 11:28 - 2018-07-06 01:27 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-10 11:28 - 2018-07-06 01:27 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-10 11:28 - 2018-07-06 01:27 - 001012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-10 11:28 - 2018-07-06 01:27 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-10 11:28 - 2018-07-06 01:27 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-10 11:28 - 2018-07-06 01:27 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-10 11:28 - 2018-07-06 01:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-10 11:28 - 2018-07-06 01:26 - 002712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-10 11:28 - 2018-07-06 01:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-10 11:28 - 2018-07-06 01:26 - 000930720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-10 11:28 - 2018-07-06 01:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-10 11:28 - 2018-07-06 01:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-10 11:28 - 2018-07-06 01:25 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-10 11:28 - 2018-07-06 01:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-10 11:28 - 2018-07-06 01:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-10 11:28 - 2018-07-06 01:25 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-10 11:28 - 2018-07-06 01:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-10 11:28 - 2018-07-06 01:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-10 11:28 - 2018-07-06 01:25 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-10 11:28 - 2018-07-06 01:25 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-10 11:28 - 2018-07-06 01:25 - 000483048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-10 11:28 - 2018-07-06 01:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-10 11:28 - 2018-07-06 01:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-10 11:28 - 2018-07-06 01:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-10 11:28 - 2018-07-06 01:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-10 11:28 - 2018-07-06 01:16 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-10 11:28 - 2018-07-06 01:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-10 11:28 - 2018-07-06 01:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-10 11:28 - 2018-07-06 01:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-10 11:28 - 2018-07-06 01:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-10 11:28 - 2018-07-06 01:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-10 11:28 - 2018-07-06 01:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-10 11:28 - 2018-07-06 01:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-10 11:28 - 2018-07-06 01:10 - 025845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-10 11:28 - 2018-07-06 01:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-10 11:28 - 2018-07-06 01:04 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-10 11:28 - 2018-07-06 01:03 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-10 11:28 - 2018-07-06 01:02 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-10 11:28 - 2018-07-06 01:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-10 11:28 - 2018-07-06 01:01 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-10 11:28 - 2018-07-06 01:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-10 11:28 - 2018-07-06 01:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-10 11:28 - 2018-07-06 01:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-10 11:28 - 2018-07-06 01:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-10 11:28 - 2018-07-06 01:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-10 11:28 - 2018-07-06 01:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-10 11:28 - 2018-07-06 01:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-10 11:28 - 2018-07-06 01:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-10 11:28 - 2018-07-06 01:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-10 11:28 - 2018-07-06 00:59 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-10 11:28 - 2018-07-06 00:59 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-10 11:28 - 2018-07-06 00:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-10 11:28 - 2018-07-06 00:59 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-10 11:28 - 2018-07-06 00:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-10 11:28 - 2018-07-06 00:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-10 11:28 - 2018-07-06 00:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-10 11:28 - 2018-07-06 00:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-10 11:28 - 2018-07-06 00:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-10 11:28 - 2018-07-06 00:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-10 11:28 - 2018-07-06 00:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-10 11:28 - 2018-07-06 00:57 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-10 11:28 - 2018-07-06 00:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-10 11:28 - 2018-07-06 00:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-10 11:28 - 2018-07-06 00:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-10 11:28 - 2018-07-06 00:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-10 11:28 - 2018-07-06 00:57 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-10 11:28 - 2018-07-06 00:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-10 11:28 - 2018-07-06 00:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-10 11:28 - 2018-07-06 00:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-10 11:28 - 2018-07-06 00:57 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-10 11:28 - 2018-07-06 00:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-10 11:28 - 2018-07-06 00:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-10 11:28 - 2018-07-06 00:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-10 11:28 - 2018-07-06 00:55 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-10 11:28 - 2018-07-06 00:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-10 11:28 - 2018-07-06 00:55 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-10 11:28 - 2018-07-06 00:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-10 11:28 - 2018-07-06 00:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-10 11:28 - 2018-07-06 00:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-10 11:28 - 2018-07-06 00:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-10 11:28 - 2018-07-06 00:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-10 11:28 - 2018-07-06 00:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-10 11:28 - 2018-07-06 00:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-10 11:28 - 2018-07-06 00:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-10 11:28 - 2018-07-06 00:53 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-10 11:28 - 2018-07-06 00:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-10 11:28 - 2018-07-06 00:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-10 11:28 - 2018-07-06 00:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-10 11:28 - 2018-07-05 23:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-10 11:28 - 2018-06-28 22:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-09 16:46 - 2018-07-09 16:46 - 000061664 _____ C:\Users\tom work\Desktop\SKM_C654e18070916500.pdf
2018-07-06 15:18 - 2018-07-06 15:18 - 000011721 _____ C:\Users\tom work\Desktop\property update july 2018.xlsx
2018-07-04 20:07 - 2018-07-04 20:07 - 000098127 _____ C:\Users\tom work\Desktop\bookmarks_7_4_18.html
2018-07-03 13:19 - 2018-07-03 13:19 - 000001528 _____ C:\Users\tom work\Documents\cc_20180703_131901.reg
2018-07-03 11:40 - 2018-07-03 11:40 - 000004820 _____ C:\Users\tom work\Documents\cc_20180703_114031.reg
2018-07-03 11:39 - 2018-07-03 11:39 - 000093432 _____ C:\Users\tom work\Documents\cc_20180703_113943.reg
2018-07-03 11:37 - 2018-07-14 00:52 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-07-03 11:37 - 2018-07-03 11:37 - 000002876 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-07-03 11:37 - 2018-07-03 11:37 - 000000873 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-07-03 11:37 - 2018-07-03 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-07-03 11:37 - 2018-07-03 11:37 - 000000000 ____D C:\Program Files\CCleaner
2018-07-03 11:36 - 2018-07-03 11:36 - 015989160 _____ (Piriform Ltd) C:\Users\tom work\Downloads\ccsetup544 (1).exe
2018-07-03 11:35 - 2018-07-03 11:35 - 015989160 _____ (Piriform Ltd) C:\Users\tom work\Downloads\ccsetup544.exe
2018-07-03 11:31 - 2018-07-14 02:26 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-07-03 11:31 - 2018-07-14 02:26 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-07-03 11:31 - 2018-07-03 11:31 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-07-03 11:31 - 2018-07-03 11:31 - 000001922 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-03 11:31 - 2018-07-03 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-03 11:31 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-03 11:30 - 2018-07-03 11:30 - 072932496 _____ (Malwarebytes ) C:\Users\tom work\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5727 (1).exe
2018-07-03 11:30 - 2018-07-03 11:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-03 11:29 - 2018-07-03 11:29 - 072932496 _____ (Malwarebytes ) C:\Users\tom work\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5727.exe
2018-07-03 11:28 - 2018-07-03 12:08 - 000000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0005_cc2987a39fd52bc3
2018-07-03 11:27 - 2018-07-03 11:28 - 000000000 ____D C:\Users\tom work\AppData\Local\Deployment
2018-07-03 11:27 - 2018-07-03 11:27 - 000085272 _____ C:\Users\tom work\Downloads\Live_Consulting_Remote_Support.Client.exe
2018-07-03 11:27 - 2018-07-03 11:27 - 000000000 ____D C:\Users\tom work\AppData\Local\Apps\2.0
2018-06-30 12:43 - 2018-06-30 12:43 - 009156728 _____ (ESET, spol. s r.o.) C:\Users\tom work\Downloads\eset_sysrescue_live_creator_enu.exe
2018-06-30 12:18 - 2018-06-15 11:55 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-06-30 12:18 - 2018-06-15 11:53 - 000348256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-06-30 12:18 - 2018-06-15 11:53 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-30 12:18 - 2018-06-15 11:50 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-06-30 12:18 - 2018-06-15 11:49 - 021388856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-30 12:18 - 2018-06-15 11:48 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-30 12:18 - 2018-06-15 11:48 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-06-30 12:18 - 2018-06-15 11:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-30 12:18 - 2018-06-15 11:34 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-06-30 12:18 - 2018-06-15 11:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-06-30 12:18 - 2018-06-15 11:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-06-30 12:18 - 2018-06-15 11:33 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-30 12:18 - 2018-06-15 11:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-06-30 12:18 - 2018-06-15 11:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-06-30 12:18 - 2018-06-15 11:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-06-30 12:18 - 2018-06-15 11:32 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2018-06-30 12:18 - 2018-06-15 11:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2018-06-30 12:18 - 2018-06-15 11:32 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-06-30 12:18 - 2018-06-15 11:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-06-30 12:18 - 2018-06-15 11:31 - 002193920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2018-06-30 12:18 - 2018-06-15 11:31 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-30 12:18 - 2018-06-15 11:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-06-30 12:18 - 2018-06-15 11:31 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-06-30 12:18 - 2018-06-15 11:30 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-06-30 12:18 - 2018-06-15 11:30 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-06-30 12:18 - 2018-06-15 11:30 - 001186816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2018-06-30 12:18 - 2018-06-15 11:30 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2018-06-30 12:18 - 2018-06-15 11:30 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-06-30 12:18 - 2018-06-15 11:30 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-30 12:18 - 2018-06-15 11:30 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-06-30 12:18 - 2018-06-15 11:30 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-06-30 12:18 - 2018-06-15 11:29 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-30 12:18 - 2018-06-15 11:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-06-30 12:18 - 2018-06-15 11:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-30 12:18 - 2018-06-15 11:29 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-06-30 12:18 - 2018-06-15 11:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-06-30 12:18 - 2018-06-15 11:29 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-06-30 12:18 - 2018-06-15 11:28 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-06-30 12:18 - 2018-06-15 11:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-06-30 12:18 - 2018-06-15 11:03 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAppMonitor.exe
2018-06-30 12:18 - 2018-06-15 11:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppCore.dll
2018-06-30 12:18 - 2018-06-15 09:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-30 12:18 - 2018-06-15 09:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-06-30 12:18 - 2018-06-15 09:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-30 12:18 - 2018-06-15 09:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-30 12:18 - 2018-06-15 09:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-06-30 12:18 - 2018-06-15 09:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-06-30 12:18 - 2018-06-15 09:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-06-30 12:18 - 2018-06-15 09:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-06-30 12:18 - 2018-06-15 09:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-06-30 12:18 - 2018-06-15 09:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-30 12:18 - 2018-06-15 09:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-30 12:18 - 2018-06-15 09:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-30 12:18 - 2018-06-15 09:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-06-30 12:18 - 2018-06-15 07:23 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-30 12:18 - 2018-06-15 01:11 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-06-30 12:18 - 2018-06-15 01:10 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-06-30 12:18 - 2018-06-15 01:03 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-06-30 12:18 - 2018-06-14 23:21 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-30 12:18 - 2018-06-14 23:21 - 000761440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-06-30 12:18 - 2018-06-14 23:19 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-30 12:18 - 2018-06-14 23:19 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-06-30 12:18 - 2018-06-14 23:19 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-06-30 12:18 - 2018-06-14 23:18 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-06-30 12:18 - 2018-06-14 23:16 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-06-30 12:18 - 2018-06-14 23:16 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-06-30 12:18 - 2018-06-14 23:15 - 002563960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-30 12:18 - 2018-06-14 23:15 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-06-30 12:18 - 2018-06-14 23:13 - 000510904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-06-30 12:18 - 2018-06-14 23:13 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-06-30 12:18 - 2018-06-14 23:12 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-30 12:18 - 2018-06-14 23:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-06-30 12:18 - 2018-06-14 23:12 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-30 12:18 - 2018-06-14 23:12 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-30 12:18 - 2018-06-14 23:12 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-06-30 12:18 - 2018-06-14 23:11 - 006817872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-30 12:18 - 2018-06-14 23:10 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-30 12:18 - 2018-06-14 23:10 - 001097640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-30 12:18 - 2018-06-14 23:10 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-06-30 12:18 - 2018-06-14 23:10 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-06-30 12:18 - 2018-06-14 23:09 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-30 12:18 - 2018-06-14 23:09 - 002830240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-30 12:18 - 2018-06-14 23:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-30 12:18 - 2018-06-14 23:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-30 12:18 - 2018-06-14 23:09 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-06-30 12:18 - 2018-06-14 23:09 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-06-30 12:18 - 2018-06-14 23:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-30 12:18 - 2018-06-14 23:09 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-30 12:18 - 2018-06-14 23:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-30 12:18 - 2018-06-14 23:09 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-06-30 12:18 - 2018-06-14 23:08 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-30 12:18 - 2018-06-14 23:08 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-30 12:18 - 2018-06-14 23:08 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-06-30 12:18 - 2018-06-14 23:08 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-30 12:18 - 2018-06-14 23:08 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-30 12:18 - 2018-06-14 23:08 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-30 12:18 - 2018-06-14 23:08 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-30 12:18 - 2018-06-14 23:08 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-30 12:18 - 2018-06-14 23:08 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-30 12:18 - 2018-06-14 23:08 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-30 12:18 - 2018-06-14 23:08 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-30 12:18 - 2018-06-14 23:08 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-30 12:18 - 2018-06-14 23:08 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-30 12:18 - 2018-06-14 23:08 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-06-30 12:18 - 2018-06-14 23:08 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-06-30 12:18 - 2018-06-14 23:08 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-06-30 12:18 - 2018-06-14 23:08 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-06-30 12:18 - 2018-06-14 23:08 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-30 12:18 - 2018-06-14 23:08 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-06-30 12:18 - 2018-06-14 23:07 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-30 12:18 - 2018-06-14 23:07 - 001145696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-06-30 12:18 - 2018-06-14 23:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-30 12:18 - 2018-06-14 23:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-06-30 12:18 - 2018-06-14 23:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-30 12:18 - 2018-06-14 23:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-30 12:18 - 2018-06-14 23:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-30 12:18 - 2018-06-14 23:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-06-30 12:18 - 2018-06-14 23:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-06-30 12:18 - 2018-06-14 23:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-06-30 12:18 - 2018-06-14 23:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-30 12:18 - 2018-06-14 23:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-06-30 12:18 - 2018-06-14 23:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-06-30 12:18 - 2018-06-14 22:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-30 12:18 - 2018-06-14 22:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-30 12:18 - 2018-06-14 22:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-06-30 12:18 - 2018-06-14 22:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-06-30 12:18 - 2018-06-14 22:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-06-30 12:18 - 2018-06-14 22:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-06-30 12:18 - 2018-06-14 22:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-30 12:18 - 2018-06-14 22:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-30 12:18 - 2018-06-14 22:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-06-30 12:18 - 2018-06-14 22:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-06-30 12:18 - 2018-06-14 22:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-06-30 12:18 - 2018-06-14 22:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-06-30 12:18 - 2018-06-14 22:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-06-30 12:18 - 2018-06-14 22:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-06-30 12:18 - 2018-06-14 22:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-30 12:18 - 2018-06-14 22:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-06-30 12:18 - 2018-06-14 22:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-06-30 12:18 - 2018-06-14 22:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-06-30 12:18 - 2018-06-14 22:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-06-30 12:18 - 2018-06-14 22:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-06-30 12:18 - 2018-06-14 22:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-06-30 12:18 - 2018-06-14 22:44 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-06-30 12:18 - 2018-06-14 22:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-06-30 12:18 - 2018-06-14 22:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-30 12:18 - 2018-06-14 22:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-06-30 12:18 - 2018-06-14 22:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-30 12:18 - 2018-06-14 22:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-06-30 12:18 - 2018-06-14 22:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-06-30 12:18 - 2018-06-14 22:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-06-30 12:18 - 2018-06-14 22:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-06-30 12:18 - 2018-06-14 22:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-06-30 12:18 - 2018-06-14 22:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-30 12:18 - 2018-06-14 22:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-06-30 12:18 - 2018-06-14 22:43 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-06-30 12:18 - 2018-06-14 22:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-06-30 12:18 - 2018-06-14 22:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-06-30 12:18 - 2018-06-14 22:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-30 12:18 - 2018-06-14 22:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-06-30 12:18 - 2018-06-14 22:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-06-30 12:18 - 2018-06-14 22:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-06-30 12:18 - 2018-06-14 22:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-06-30 12:18 - 2018-06-14 22:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-30 12:18 - 2018-06-14 22:42 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-30 12:18 - 2018-06-14 22:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-06-30 12:18 - 2018-06-14 22:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-06-30 12:18 - 2018-06-14 22:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-06-30 12:18 - 2018-06-14 22:42 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-06-30 12:18 - 2018-06-14 22:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-06-30 12:18 - 2018-06-14 22:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-06-30 12:18 - 2018-06-14 22:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-06-30 12:18 - 2018-06-14 22:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-30 12:18 - 2018-06-14 22:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-06-30 12:18 - 2018-06-14 22:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-06-30 12:18 - 2018-06-14 22:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-06-30 12:18 - 2018-06-14 22:41 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-30 12:18 - 2018-06-14 22:41 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-30 12:18 - 2018-06-14 22:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-30 12:18 - 2018-06-14 22:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-06-30 12:18 - 2018-06-14 22:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-06-30 12:18 - 2018-06-14 22:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-06-30 12:18 - 2018-06-14 22:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-06-30 12:18 - 2018-06-14 22:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-30 12:18 - 2018-06-14 22:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-06-30 12:18 - 2018-06-14 22:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-30 12:18 - 2018-06-14 22:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-06-30 12:18 - 2018-06-14 22:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-06-30 12:18 - 2018-06-14 22:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-30 12:18 - 2018-06-14 22:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-30 12:18 - 2018-06-14 22:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-06-30 12:18 - 2018-06-14 22:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-06-30 12:18 - 2018-06-14 22:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-06-30 12:18 - 2018-06-14 22:39 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-30 12:18 - 2018-06-14 22:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-06-30 12:18 - 2018-06-14 22:39 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-30 12:18 - 2018-06-14 22:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-30 12:18 - 2018-06-14 22:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-06-30 12:18 - 2018-06-14 22:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-30 12:18 - 2018-06-14 22:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-30 12:18 - 2018-06-14 22:38 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-30 12:18 - 2018-06-14 22:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-06-30 12:18 - 2018-06-14 22:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-06-30 12:18 - 2018-06-14 22:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-30 12:18 - 2018-06-14 22:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-30 12:18 - 2018-06-14 22:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-06-30 12:18 - 2018-06-14 22:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-06-30 12:18 - 2018-06-14 22:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-06-30 12:18 - 2018-06-14 22:37 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-30 12:18 - 2018-06-14 22:37 - 001069056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-06-30 12:18 - 2018-06-14 22:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-06-30 12:18 - 2018-06-14 22:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-06-30 12:18 - 2018-05-31 23:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-06-30 12:18 - 2018-05-20 05:53 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-30 12:18 - 2018-05-20 05:52 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-30 12:03 - 2018-06-30 12:03 - 000000000 ____D C:\Users\tom work\AppData\Local\D3DSCache
2018-06-29 11:18 - 2018-06-29 11:18 - 001839616 _____ C:\Users\tom work\Desktop\Boulder Ideas.msg
2018-06-29 11:07 - 2018-06-29 11:07 - 000029184 _____ C:\Users\tom work\Desktop\1048 11th.msg
2018-06-28 13:05 - 2018-06-28 13:05 - 000074191 _____ C:\Users\tom work\Desktop\SKM_C654e18062813020.pdf
2018-06-27 13:44 - 2018-06-27 13:45 - 052412176 _____ (Terradatum, Inc) C:\Users\tom work\Downloads\BrokerMetrics_windows_4_9_0_10.exe
2018-06-15 10:56 - 2018-06-15 10:56 - 000014813 _____ C:\Users\tom work\Downloads\invoice_4175_from_Pillar Property Works, LLC.pdf
2018-06-15 10:56 - 2018-06-15 10:56 - 000014813 _____ C:\Users\tom work\Downloads\invoice_4175_from_Pillar Property Works, LLC (7).pdf
2018-06-15 10:56 - 2018-06-15 10:56 - 000014813 _____ C:\Users\tom work\Downloads\invoice_4175_from_Pillar Property Works, LLC (6).pdf
2018-06-15 10:56 - 2018-06-15 10:56 - 000014813 _____ C:\Users\tom work\Downloads\invoice_4175_from_Pillar Property Works, LLC (5).pdf
2018-06-15 10:56 - 2018-06-15 10:56 - 000014813 _____ C:\Users\tom work\Downloads\invoice_4175_from_Pillar Property Works, LLC (4).pdf
2018-06-15 10:56 - 2018-06-15 10:56 - 000014813 _____ C:\Users\tom work\Downloads\invoice_4175_from_Pillar Property Works, LLC (3).pdf
2018-06-15 10:56 - 2018-06-15 10:56 - 000014813 _____ C:\Users\tom work\Downloads\invoice_4175_from_Pillar Property Works, LLC (2).pdf
2018-06-15 10:56 - 2018-06-15 10:56 - 000014813 _____ C:\Users\tom work\Downloads\invoice_4175_from_Pillar Property Works, LLC (1).pdf
2018-06-14 16:20 - 2018-06-14 16:20 - 000289681 _____ C:\Users\tom work\Desktop\live work in the county of Boulder.pdf
2018-06-14 10:37 - 2018-06-14 10:37 - 000415831 _____ C:\Users\tom work\Downloads\20180613-statements-x4444-.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-14 05:09 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-14 02:31 - 2018-05-11 17:41 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-14 02:31 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-14 02:27 - 2017-07-23 12:33 - 000000000 ____D C:\Users\tom work\AppData\Local\CrashDumps
2018-07-14 02:26 - 2018-05-11 17:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-14 02:26 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-14 02:26 - 2018-04-11 15:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-14 02:26 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-07-14 02:26 - 2018-01-21 21:55 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-14 02:26 - 2018-01-21 21:55 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-07-14 02:26 - 2017-07-23 19:22 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-14 02:26 - 2017-07-22 19:47 - 000040190 _____ C:\WINDOWS\system32\OV7251_FRONT.aiqd
2018-07-14 02:26 - 2017-07-22 19:47 - 000040190 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
2018-07-14 01:29 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-14 01:21 - 2018-05-11 17:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-13 15:56 - 2017-07-22 20:35 - 000000000 ____D C:\Users\tom work\Documents\Outlook Files
2018-07-13 14:32 - 2017-07-23 21:06 - 000002508 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-13 14:32 - 2017-07-23 21:06 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-13 14:32 - 2017-07-23 21:06 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-13 14:32 - 2017-07-23 21:06 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-13 14:32 - 2017-07-23 21:06 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-13 14:32 - 2017-07-23 21:06 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-13 14:32 - 2017-07-23 21:06 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-13 14:31 - 2017-07-23 20:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-13 13:26 - 2017-07-23 11:13 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-07-13 12:03 - 2017-11-06 16:02 - 000000000 ____D C:\Users\tom work\AppData\Local\Packages
2018-07-13 11:58 - 2017-07-22 20:37 - 000000000 ____D C:\Users\tom work\Desktop\1855 folsom
2018-07-12 23:44 - 2018-05-11 17:37 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-12 23:44 - 2017-07-23 11:50 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-11 13:27 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-11 11:51 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-07-11 10:23 - 2017-07-23 11:23 - 000000000 ____D C:\Users\tom work\.terradatum
2018-07-10 15:31 - 2018-05-11 17:30 - 000403840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-10 15:30 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-10 15:30 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-10 15:30 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-10 15:30 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-10 15:30 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-10 12:48 - 2017-07-22 20:26 - 000000000 ____D C:\Users\tom work\Desktop\2018
2018-07-10 11:34 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-10 11:34 - 2017-07-22 19:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-10 11:32 - 2017-07-22 19:21 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-05 14:47 - 2017-12-27 11:58 - 000000000 ____D C:\Users\tom work\Desktop\2018 Toms Scanned Documents
2018-07-03 12:58 - 2017-07-23 10:25 - 000000000 ____D C:\ProgramData\Samsung
2018-07-03 12:58 - 2017-07-23 10:25 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-07-03 11:38 - 2018-05-11 16:49 - 000000000 ___DC C:\WINDOWS\Panther
2018-06-30 12:49 - 2017-11-07 14:13 - 000000000 ___RD C:\Users\tom work\3D Objects
2018-06-30 12:49 - 2016-11-02 19:10 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-30 12:48 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-30 11:51 - 2018-02-21 21:06 - 000007626 _____ C:\Users\tom work\AppData\Local\resmon.resmoncfg
2018-06-30 11:30 - 2018-05-30 10:34 - 000000000 ____D C:\Users\tom work\Documents\DisplayFusion Backups
2018-06-30 11:30 - 2017-12-11 15:18 - 000001390 _____ C:\Users\Public\Desktop\DisplayFusion.lnk
2018-06-30 11:30 - 2017-12-11 15:18 - 000000000 ____D C:\Users\tom work\AppData\Local\DisplayFusion
2018-06-30 11:30 - 2017-12-11 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2018-06-30 11:30 - 2017-12-11 15:18 - 000000000 ____D C:\Program Files (x86)\DisplayFusion
2018-06-28 19:13 - 2018-04-11 17:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-28 19:13 - 2018-04-11 17:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-28 15:03 - 2017-07-22 20:30 - 000000000 ____D C:\Users\tom work\Desktop\2018 REMAX
2018-06-27 14:18 - 2018-01-26 11:10 - 000000000 ____D C:\Users\tom work\Desktop\1-2018 COMMISSION
2018-06-27 13:45 - 2017-07-23 11:13 - 000000000 ____D C:\Program Files (x86)\BrokerMetrics
2018-06-26 15:16 - 2018-01-21 22:28 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-26 15:16 - 2018-01-21 22:28 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-25 16:05 - 2017-07-22 20:37 - 000000000 ____D C:\Users\tom work\Desktop\2018 PREMIER ANSIBLE
2018-06-23 23:51 - 2018-05-11 17:37 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-701103343-2950859752-96661517-1001
2018-06-23 23:51 - 2018-05-11 17:33 - 000002378 _____ C:\Users\tom work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-23 23:51 - 2017-07-22 18:57 - 000000000 ___RD C:\Users\tom work\OneDrive

==================== Files in the root of some directories =======

2017-07-24 13:15 - 2017-07-24 13:15 - 000038408 _____ () C:\Users\tom work\AppData\Roaming\Comma Separated Values.ADR
2018-02-21 21:06 - 2018-06-30 11:51 - 000007626 _____ () C:\Users\tom work\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-07-11 11:46 - 2018-07-11 11:46 - 000479816 _____ (Microsoft Corporation) C:\Users\tom work\AppData\Local\Temp\SurfaceBaseFwUpdate.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-11 17:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by tom work (14-07-2018 06:07:19)
Running from C:\Users\tom work\Desktop
Windows 10 Pro Version 1803 17134.165 (X64) (2018-05-11 23:38:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-701103343-2950859752-96661517-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-701103343-2950859752-96661517-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-701103343-2950859752-96661517-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-701103343-2950859752-96661517-501 - Limited - Disabled)
tom work (S-1-5-21-701103343-2950859752-96661517-1001 - Administrator - Enabled) => C:\Users\tom work
WDAGUtilityAccount (S-1-5-21-701103343-2950859752-96661517-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 388.08 - NVIDIA Corporation) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrokerMetrics 4.8.0.28 (HKLM-x32\...\0525-1095-4455-6583) (Version: 4.8.0.28 - Terradatum, Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
DisplayFusion 9.3 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 9.3.0.0 - Binary Fortress Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 53.4.67 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
ESET Endpoint Antivirus (HKLM\...\{3187B3B0-3620-4459-A983-4403FC481420}) (Version: 5.0.2214.4 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.10228.20104 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-701103343-2950859752-96661517-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
NVIDIA Graphics Driver 388.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.08 - NVIDIA Corporation)
NVIDIA Update 29.1.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 29.1.0.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Quicken 2016 (HKLM-x32\...\{519B4ED1-AF5F-4812-B2A8-B18D783AEFE8}) (Version: 25.1.14.9 - Quicken)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1108.65 - Trusteer) Hidden
Rapport (HKLM-x32\...\Rapport_msi) (Version: 3.5.1108.65 - Trusteer)
RingCentral for Windows (HKLM-x32\...\{35D77C31-2227-4048-9213-CD208D81ACD1}) (Version: 9.4.3.29474 - RingCentral)
Samsung Cloud Print (HKLM-x32\...\Samsung Cloud Print) (Version: 2.00.156:01 - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.06.00.08(9/7/2016) - Samsung Electronics Co., Ltd.)
Samsung M262x 282x Series (HKLM-x32\...\Samsung M262x 282x Series) (Version: 1.39 (9/28/2016) - Samsung Electronics Co., Ltd.)
Samsung M283x Series (HKLM-x32\...\Samsung M283x Series) (Version: () - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SonicWALL SSL-VPN NetExtender (HKLM-x32\...\SonicWALL SSL-VPN NetExtender) (Version: 4.0.138 - SonicWALL, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.23 - Tweaking.com)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Verizon Mobile Broadband Drivers (HKLM-x32\...\{8BF85767-903F-4E68-86F3-ECF71DF27AA9}) (Version: 3.24.018.001.14 - Novatel Wireless)
Verizon Wireless USB551L Firmware Updates (HKLM-x32\...\{9BD53EBD-C5C1-45F3-BF4C-84D8A62A8393}) (Version: 1.0.5 - Smith Micro Software, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
VZAccess Manager (HKLM-x32\...\{30F946A5-5F92-40A6-941F-CE5083646744}) (Version: 7.10.0.1 - Smith Micro Software Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-02-14] (ESET)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-02-14] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-19] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-02-14] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05168AEC-ABE0-4220-84F6-A43868C2F34E} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-13] (Microsoft Corporation)
Task: {12D6143D-75C8-4E2B-9556-4264BBC90163} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {19A634D6-F26D-4D86-AE90-E7AFAC4E56A6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {1C18ED08-8750-4D16-93E7-B9D5790F3D0B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {210F2E04-E623-4BD4-B769-D5891754EA50} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-13] (Microsoft Corporation)
Task: {2D77E425-90AF-4405-9A58-F122EACF6B01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {3B789556-9AB6-4E54-AACF-77B8597B9C89} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {4D7F4395-C557-4C52-9228-34D3BD95C723} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {4E6F8A2D-C23E-4FEC-91BB-BC2190009FB1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {50881B26-5373-4825-BB33-F0DBF03A94E4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {56AB133C-D028-46F2-ACC5-927209C437FF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {580B3864-CB94-42E7-8F0E-3EC22966CB73} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-23] (Dropbox, Inc.)
Task: {59509785-E992-4AA1-B556-A6968FC0E745} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-13] (Microsoft Corporation)
Task: {5CB2E488-6830-4317-8D5E-40BFAAED28BA} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {62805FE5-A270-4BF0-8E79-35B77D42A685} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-13] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6F5E465B-8576-434A-A1CC-EDD59FDE588F} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {80F969ED-4BB6-40C3-AEB1-6BCC19E5046D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {934BE8D5-6153-4B23-9123-7A3B9345F5D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-21] (Google Inc.)
Task: {A202576D-978C-4D8E-B357-98F377C6C619} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-21] (Google Inc.)
Task: {A2EE7EA8-074F-4A03-8337-550BE00116A3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-23] (Dropbox, Inc.)
Task: {B4519F57-9F3D-494A-804E-E9F4114694AE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {CF7773EC-9C09-435D-8620-B7F0E3675DE3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {F7AD8C5D-FA7D-46E3-A9DA-283CB361B01F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {F93D36DB-F15B-4599-8933-DA433C044F09} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-04-11 17:34 - 2018-04-11 17:34 - 000253440 _____ () C:\WINDOWS\system32\HeatCore.dll
2017-08-22 09:53 - 2014-08-08 03:29 - 000022528 _____ () C:\WINDOWS\System32\scpd2lm.dll
2017-08-21 13:31 - 2015-06-26 09:34 - 000022528 _____ () C:\WINDOWS\System32\ssk4mlm.dll
2017-07-23 10:25 - 2015-06-26 09:27 - 000022528 _____ () C:\WINDOWS\System32\ssk5mlm.dll
2017-08-18 01:05 - 2015-03-11 20:43 - 000022528 _____ () C:\WINDOWS\System32\us013lm.dll
2017-02-24 04:25 - 2017-02-24 04:25 - 000966056 _____ () C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-03 14:35 - 2017-10-03 14:35 - 000414296 ____N () C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelSstPpDll.dll
2018-07-03 11:31 - 2018-05-30 09:22 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-07-03 11:31 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-10 11:28 - 2018-07-06 00:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-21 16:07 - 2018-05-21 16:08 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-21 16:07 - 2018-05-21 16:08 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-21 16:07 - 2018-05-21 16:08 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-21 16:07 - 2018-05-21 16:08 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-01 11:52 - 2017-11-01 11:52 - 000804744 ____N () C:\Windows\System32\SurfaceDTX.exe
2018-06-27 02:45 - 2018-06-27 02:45 - 027126784 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-06-27 02:45 - 2018-06-27 02:45 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-06-27 02:45 - 2018-06-27 02:45 - 006735872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 03:56 - 2017-09-26 03:56 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-27 02:45 - 2018-06-27 02:45 - 009360384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntPlat.dll
2014-09-08 13:39 - 2014-09-08 13:39 - 000464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 000051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2018-06-08 15:19 - 2018-06-08 15:19 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-08 15:19 - 2018-06-08 15:19 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 09:41 - 2017-10-05 09:41 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-04 10:28 - 2018-05-04 10:28 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 18:53 - 2018-05-30 18:53 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-30 18:53 - 2018-05-30 18:54 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-30 18:53 - 2018-05-30 18:54 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-30 09:16 - 2018-03-30 09:17 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-08 15:19 - 2018-06-08 15:19 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 18:53 - 2018-05-30 18:54 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-08 15:19 - 2018-06-08 15:19 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 18:53 - 2018-05-30 18:54 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 18:53 - 2018-05-30 18:54 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 18:53 - 2018-05-30 18:54 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-08 15:19 - 2018-06-08 15:19 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-30 18:53 - 2018-05-30 18:54 - 000103424 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-03-30 09:16 - 2018-03-30 09:17 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-07-14 01:29 - 2018-07-14 01:29 - 000199168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-07-14 01:29 - 2018-07-14 01:29 - 002449952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-14 01:29 - 2018-07-14 01:29 - 007813632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2018-06-26 15:16 - 2018-06-22 13:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-26 15:16 - 2018-06-22 13:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2017-07-23 12:48 - 2017-07-23 12:48 - 000520464 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
2011-11-10 16:11 - 2011-11-10 16:11 - 000557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2018-07-13 13:26 - 2018-07-12 20:01 - 001107648 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-07-13 13:26 - 2018-07-12 20:01 - 002079424 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-05-08 16:31 - 2018-07-12 20:05 - 000021704 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:02 - 000022752 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000135656 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:02 - 001881816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:02 - 000023768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:01 - 000111576 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-05-08 16:31 - 2018-07-12 20:01 - 000103392 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000069320 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000080064 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:01 - 000399832 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-05-08 16:31 - 2018-07-12 20:01 - 000024544 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000043496 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:01 - 000021472 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000124896 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000114664 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000392392 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000028896 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000024552 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000175584 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000024544 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000026080 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000024272 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000048616 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000057824 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:02 - 000022728 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:02 - 000025296 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000070360 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000026336 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 003866304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000089272 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 001800896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 001960640 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000155856 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000521920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000051400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000043720 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000131264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000220872 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000205512 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000060896 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000056536 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000024040 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000024792 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000023776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000022752 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000023768 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:02 - 000028392 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:01 - 000348128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000102088 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000024800 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000026840 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:01 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-07-13 13:26 - 2018-07-12 20:03 - 000034528 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:01 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-05-08 16:31 - 2018-07-12 20:05 - 000023776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000181432 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-05-08 16:31 - 2018-07-12 20:05 - 000031952 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000024752 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-07-13 13:26 - 2018-07-12 20:03 - 001638576 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-05-08 16:31 - 2018-07-12 20:05 - 000090840 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000023768 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.cp35-win32.pyd
2018-05-08 16:31 - 2018-07-12 20:05 - 000027352 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000547008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-07-13 13:26 - 2018-07-12 20:03 - 000360128 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\tom work\Desktop\2018 Community Services:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tom work\Desktop\2018 Toms Scanned Documents:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 05:47 - 2016-07-16 05:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-701103343-2950859752-96661517-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SonicWALLNetExtender"
HKU\S-1-5-21-701103343-2950859752-96661517-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D17DFAE8-02A1-43A2-8CFE-B60B1BCBD982}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2173A7FA-6F71-4F69-99B8-2E81C96083EE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{48561641-48C2-428F-BCF8-6B8566A2B23D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7FF5C961-2BD7-4DBF-8411-5D5743E41D8A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{669C25F9-C476-4AB1-BECD-F988E60C6B1A}C:\users\tom work\appdata\local\ringcentral\softphoneapp\softphone.exe] => (Allow) C:\users\tom work\appdata\local\ringcentral\softphoneapp\softphone.exe
FirewallRules: [TCP Query User{8C13EEA0-3C14-4DB3-A10D-4A54F95B55A9}C:\users\tom work\appdata\local\ringcentral\softphoneapp\softphone.exe] => (Allow) C:\users\tom work\appdata\local\ringcentral\softphoneapp\softphone.exe
FirewallRules: [{C9A32D60-74E6-4CFA-8FFE-7FC25509806D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{165F9011-6093-4956-99D9-94F901E3DF05}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D2869786-D28A-426F-B9A1-01567B6041DD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{020BDB1D-005A-4A6B-8E49-E365E298F10B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2774CFB-6E08-4EB0-98A4-79BA731E853F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B32F18AD-FF86-4CBF-A5F0-D4CE290323CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{36DDAE74-CD02-43AD-9A41-409B6BCC50CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D9892D5D-1B96-4418-89A2-287B5FF99D2F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{528C9DAD-51E9-44AB-850F-03BE25DA1C6D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{A3AA6B5C-039B-4ADA-AD5B-027048119E86}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{56D0E4A5-E2BE-4B65-AE93-5C47C8AC4A1C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{3BDC852E-C244-406B-9F0C-CA3D637866F4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{7365C336-70FB-4E2E-90B3-8A0794526886}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{D95E25E3-5DAC-4D64-BA0C-486A563E1EA0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{569FDBF8-067E-47C0-BFBD-F85B4E0F186A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{55D802F6-A7AB-4262-AD67-E0D28585CF1D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{AD299156-016E-4432-A358-7E8C55D8A560}] => (Allow) C:\WINDOWS\system32\spool\DRIVERS\x64\3\scpd2.exe
FirewallRules: [{C4E4E2FA-F3BB-48F9-B09C-C661DA21B7D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5DD4A232-C0C1-4300-8015-206C53FFD1E8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{0C3A5385-3B3F-474C-BA62-A0F32BDEED93}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{B72CE95B-C4D4-454D-99B7-2E5C2246AF48}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-07-2018 19:07:01 Windows Backup
11-07-2018 11:46:06 Installed Microsoft Surface Dock Updater
14-07-2018 06:05:17 Tweaking.com - Windows Repair 2018

==================== Faulty Device Manager Devices =============

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2018 02:27:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (07/14/2018 02:26:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1496, time stamp: 0x5b0f37dd
Faulting module name: Qt5Core.dll, version: 5.6.3.0, time stamp: 0x5a61293e
Exception code: 0xc0000005
Fault offset: 0x0018e4f3
Faulting process id: 0x2674
Faulting application start time: 0x01d41b4c6363fec1
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 72d00f35-8e77-4d3f-b952-7f994c401514
Faulting package full name:
Faulting package-relative application ID:

Error: (07/13/2018 09:38:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18041.15530.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2b8c

Start Time: 01d41b23b626c008

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 73b40aeb-44a9-42e8-b934-f4ab175ecee4

Faulting package full name: Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (07/13/2018 09:25:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18041.15530.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 30d4

Start Time: 01d41b219d9adc1c

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 674aaa9f-9e8e-4915-9ec7-b9ee5834010f

Faulting package full name: Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (07/13/2018 09:11:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18041.15530.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 13a8

Start Time: 01d41b1f851902da

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: b85d1f1c-5f89-46ec-8dac-a48c7ac4b55e

Faulting package full name: Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (07/13/2018 08:11:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18041.15530.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 32d0

Start Time: 01d41b172310aead

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 6abcdff7-926d-4475-87fc-3a080d6253c8

Faulting package full name: Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (07/13/2018 07:55:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18041.15530.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1338

Start Time: 01d41b150a90d3ec

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 3e030b18-0b2a-4b21-8b09-348bc22b2319

Faulting package full name: Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (07/13/2018 07:37:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18041.15530.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1704

Start Time: 01d41b12f20d201a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 86c62a68-8623-4703-856f-b7f6d6fb3beb

Faulting package full name: Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

System errors:
=============
Error: (07/14/2018 05:58:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPSvc service.

Error: (07/14/2018 05:28:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPSvc service.

Error: (07/14/2018 05:04:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPSvc service.

Error: (07/14/2018 05:04:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/14/2018 03:10:49 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RSNIP8M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-RSNIP8M\tom work SID (S-1-5-21-701103343-2950859752-96661517-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/14/2018 03:08:14 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RSNIP8M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-RSNIP8M\tom work SID (S-1-5-21-701103343-2950859752-96661517-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/14/2018 02:26:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NWVZHelper service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/14/2018 02:26:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NWVZHelper service to connect.

CodeIntegrity:
===================================

Date: 2018-07-03 11:31:25.330
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-11 17:39:54.880
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\Hooks\AppHook64_7BA83EC3-7198-44F1-9E79-F2A6A99833DB.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz
Percentage of memory in use: 29%
Total physical RAM: 16309.27 MB
Available physical RAM: 11572.63 MB
Total Virtual: 18741.27 MB
Available Virtual: 14102.72 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:475.72 GB) (Free:391.45 GB) NTFS

\\?\Volume{74a42c5e-e3ef-4e1f-9579-6de182b15473}\ (Windows RE tools) (Fixed) (Total:0.84 GB) (Free:0.44 GB) NTFS
\\?\Volume{28d74142-9ff8-4581-9112-e3090874cd44}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 88D267D8)

Partition: GPT.

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2018-07-14 06:31:39
-----------------------------
06:31:39.268 OS Version: Windows x64 6.2.9200
06:31:39.268 Number of processors: 4 586 0x4E03
06:31:39.270 ComputerName: DESKTOP-RSNIP8M UserName: tom work
06:31:39.799 Initialize success
06:31:39.824 VM: initialized successfully
06:31:39.825 VM: Intel CPU supported
06:31:44.040 VM: not used
06:34:18.371 AVAST engine defs: 17030301
06:35:30.905 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b
06:35:30.908 Disk 0 Vendor: SAMSUNG_MZFLV512HCJH-000MV BXV75M0Q Size: 488386MB BusType: 17
06:35:30.914 Disk 0 MBR read successfully
06:35:30.917 Disk 0 MBR scan
06:35:30.933 Disk 0 unknown MBR code
06:35:30.937 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
06:35:30.946 Disk 0 scanning C:\WINDOWS\system32\drivers
06:35:30.949 Service scanning
06:35:59.628 Modules scanning
06:36:00.139 AVAST engine scan C:\WINDOWS
06:36:00.146 AVAST engine scan C:\WINDOWS\system32
06:36:00.153 AVAST engine scan C:\WINDOWS\system32\drivers
06:36:00.158 AVAST engine scan C:\Users\tom work
06:36:00.164 AVAST engine scan C:\ProgramData
06:36:00.192 Scan finished successfully
06:43:37.874 Disk 0 MBR has been saved successfully to "C:\Users\tom work\Desktop\MBR.dat"
06:43:37.897 The log file has been saved successfully to "C:\Users\tom work\Desktop\aswMBR.txt"

I tried to run this with the virtulization and it would crash I also could not run it with trace disk io calls.

Several weeks ago we ran cc cleaner can't find log. I ran malwarebytes, Spybot, Emsisoft and roguekiller. I will attach those logs here.

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
main: v2018.07.14.02
rootkit: v2018.07.14.02

Windows 10 x64 NTFS
Internet Explorer 11.165.17134.0
tom work :: DESKTOP-RSNIP8M [administrator]

7/14/2018 6:57:29 AM
mbar-log-2018-07-14 (06-57-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 223771
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Search results from Spybot - Search & Destroy

7/14/2018 3:20:25 AM
Scan took 00:15:37.
16 items found.

DoubleClick: [SBI $ASBRCOOK] Tracking cookie (Internet Explorer (User): tom work) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

MediaPlex: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

MediaPlex: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

DoubleClick: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

DoubleClick: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $BCOOKIES] Browser: Cookie (9) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cache: [SBI $BCACHE00] Browser: Cache (2) (Browser: Cache, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

History: [SBI $BHISTORY] Browser: History (138) (Browser: History, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $BCOOKIES] Browser: Cookie (879) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54

--- Spybot - Search & Destroy version: 2.7.64.131 DLL (build: 20180214) ---

2018-04-20 blindman.exe (2.7.64.152)
2018-04-20 explorer.exe (2.7.64.191)
2018-02-06 SDBootCD.exe (2.7.64.109)
2018-04-20 SDCleaner.exe (2.7.64.110)
2018-04-20 SDDelFile.exe (2.7.64.94)
2018-04-20 SDFiles.exe (2.7.64.137)
2018-04-20 SDFileScanHelper.exe (2.7.64.7)
2018-04-20 SDFSSvc.exe (2.7.64.219)
2018-04-20 SDHelp.exe (2.7.64.1)
2018-02-06 SDHookHelper.exe (2.7.64.2)
2018-02-06 SDHookInst32.exe (2.7.64.2)
2018-02-06 SDHookInst64.exe (2.7.64.2)
2018-04-20 SDImmunize.exe (2.7.64.133)
2018-04-20 SDLogReport.exe (2.7.64.107)
2018-04-20 SDOnAccess.exe (2.7.64.12)
2018-04-20 SDPESetup.exe (2.7.64.3)
2018-04-20 SDPEStart.exe (2.7.64.86)
2018-04-20 SDPhoneScan.exe (2.7.64.29)
2018-04-20 SDPRE.exe (2.7.64.22)
2018-02-06 SDPrepPos.exe (2.7.64.15)
2018-04-20 SDQuarantine.exe (2.7.64.103)
2018-02-06 SDRootAlyzer.exe (2.7.64.116)
2018-02-06 SDSBIEdit.exe (2.7.64.39)
2018-04-20 SDScan.exe (2.7.64.191)
2018-02-06 SDScript.exe (2.7.64.54)
2018-04-20 SDSettings.exe (2.7.64.139)
2018-04-20 SDShell.exe (2.7.64.2)
2018-02-06 SDShred.exe (2.7.64.108)
2018-02-06 SDSysRepair.exe (2.7.64.102)
2018-02-06 SDTools.exe (2.7.64.157)
2018-04-20 SDTray.exe (2.7.64.129)
2018-04-20 SDUpdate.exe (2.7.64.98)
2018-04-20 SDUpdSvc.exe (2.7.64.82)
2018-04-20 SDWelcome.exe (2.7.64.131)
2018-02-06 SDWSCSvc.exe (2.7.64.3)
2018-07-14 unins000.exe (51.1052.0.0)
2017-11-28 xcacls.exe
2017-11-28 borlndmm.dll (10.0.2288.42451)
2018-01-29 DelZip190.dll (1.9.0.119)
2018-01-29 DelZip192.dll (1.9.2.136)
2018-01-29 libeay32.dll (1.0.2.14)
2017-11-28 libssl32.dll (1.0.0.4)
2018-02-06 NotificationSpreader.dll (2.7.64.4)
2018-04-20 SDAdvancedCheckLibrary.dll (2.7.64.98)
2018-04-20 SDAV.dll (2.4.40.7)
2018-02-06 SDECon32.dll (2.7.64.114)
2018-03-23 SDECon64.dll (2.7.64.113)
2018-02-06 SDEvents.dll (2.7.64.2)
2018-04-20 SDFileScanLibrary.dll (2.7.64.24)
2018-02-06 SDHook32.dll (2.7.64.2)
2018-02-06 SDHook64.dll (2.7.64.2)
2018-04-20 SDImmunizeLibrary.dll (2.7.64.3)
2018-04-20 SDLicense.dll (2.7.64.3)
2018-04-20 SDLists.dll (2.7.64.8)
2018-02-06 SDResources.dll (2.7.64.7)
2018-04-20 SDScanLibrary.dll (2.7.64.131)
2018-04-20 SDTasks.dll (2.7.64.15)
2018-02-06 SDWinLogon.dll (2.7.64.0)
2018-01-29 sqlite3.dll (3.22.0.0)
2018-01-29 ssleay32.dll (1.0.2.14)
2018-02-06 Tools.dll (2.7.64.36)
2018-02-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2018-07-04 Includes\Adware-C.sbi
2014-01-13 Includes\Adware.sbi
2014-01-13 Includes\AdwareC.sbi (*)
2017-11-28 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2018-06-20 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2017-01-30 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi
2016-07-06 Includes\Fraud-003.sbi
2012-11-14 Includes\HeavyDuty.sbi
2014-11-14 Includes\Hijackers-000.sbi
2014-11-14 Includes\Hijackers-001.sbi (*)
2018-04-04 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2018-05-30 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2018-04-12 Includes\Malware-002.sbi (*)
2016-11-07 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2018-05-23 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi
2014-01-13 Includes\MalwareC.sbi (*)
2018-05-02 Includes\PUPS-000.sbi (*)
2018-05-02 Includes\PUPS-001.sbi (*)
2018-05-02 Includes\PUPS-002.sbi
2018-05-02 Includes\PUPS-003.sbi (*)
2018-05-02 Includes\PUPS-004.sbi
2018-07-11 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi
2014-01-08 Includes\Security-000.sbi (*)
2017-09-27 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi
2018-06-20 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti
2017-06-28 Includes\Trojans-000.sbi
2014-01-15 Includes\Trojans-001.sbi
2017-10-25 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi
2015-03-31 Includes\Trojans-006.sbi (*)
2017-12-01 Includes\Trojans-007.sbi
2014-07-09 Includes\Trojans-008.sbi (*)
2018-06-21 Includes\Trojans-009.sbi (*)
2018-06-21 Includes\Trojans-010.sbi (*)
2018-07-11 Includes\Trojans-C.sbi
2014-01-15 Includes\Trojans-OG-000.sbi
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi
2014-01-15 Includes\Trojans-VM-010.sbi
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

// info: Rootkit removal help file
// copyright: (c) 2008-2018 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\5A649F0329F56A0449F1EC0538467644:Win32App_1:$DATA"
File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\1125-1147 Francis St - Estoppels - Fully Executed:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\1203 Warrior Inspection Photos:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\1889 Yarmouth:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\3252 Sentinel:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\3701 Arapahoe #420:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\tom build pics:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\Ansible:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\bank depositing into wrong acct:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\Cedar:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\Credit Card:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\DENNING new loan fairfield:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\fairfield:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\folsom:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\Grenoble:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\New folder:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\New folder (2):com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\REMAX:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\Tarroco:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Toms Scanned Documents\Tom Kalinski:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\1390 Fairfield:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\3035 47th:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Baker - Laing:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Bonnie Bromwell:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Sweet Ruckus LLC:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\245 Century Circle Condos.jpg:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Brokerage Disclosure to Buyer (signed).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Brokerage Disclosure to Buyer.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Catherine Davis - Current Lease.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Catherine Davis-245 W Century Cir Brochure.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Catherine Davis-9-9-2016.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Davis Financial and Ins Corp:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Davis Financial and Ins Corp:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Office Condo Inspection Proposal.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Davis Financial and Ins Corp\245 Century Cir 201-204 - SPD (signed).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Davis Financial and Ins Corp\245 Century Cir 201-204 - Title Objection (signed).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Davis Financial and Ins Corp\LOI Davis Financial and Insurance Corp 2-21-18.docx:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Davis Financial and Ins Corp\LOI Davis Financial and Insurance Corp.docx:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir - Amend-Extend Closing (signed).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201 - Public Records.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - ABA.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Contract Contacts.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Contract.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Counter.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Dates and Deadlines.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - EM Receipt.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Inspection Report.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - SPD (Fully Signed).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - SPD (seller signed).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Title Commitment Revised 2.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Title Commitment Revised 3.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Title Commitment Revised 4.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Title Commitment Revised.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Title Commitment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Title Objection (unsigned).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - UC E FORM.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 201-204 - Wire Fraud Alert.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 202 - Public Records.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 203 - Public Records.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\245 Century Cir 204 - Public Records.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\Buyer Broker Agrmt unsigned.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\Davis - Buyer Broker Agreement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Catherine Davis\Contract Docs\LOI Davis Financial and Insurance signed.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Bonnie Bromwell\7119 W Sussex Ct:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Bonnie Bromwell\Pics:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Baker - Laing\1255 Gillaspie:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Baker - Laing\1614 Centaur Cir:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Baker - Laing\4533 Wellington:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Baker - Laing\506 Aztec:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Baker - Laing\ADU Discussion:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Baker - Laing\4533 Wellington\cONTRACT dOCS:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Baker - Laing\4533 Wellington\Emails:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Baker - Laing\1255 Gillaspie\CONTRACTS:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Baker - Laing\1255 Gillaspie\Disclosures:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\Baker - Laing\1255 Gillaspie\emails:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\3035 47th\3035 47th:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\1390 Fairfield\Listing Docs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Tom Sales\1390 Fairfield\Photos:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\000 2017-2018 Property Management Overview.xlsx:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\001 Overview Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\007 1125 Francis:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\008 1390 Fairfield Dr:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\2017 PROPERTY TAXES.xlsx:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\PPW W-9 2018.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\Tom 2017 Mortgage Docs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\Tom 2017 Mortgage Docs:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\Tom 2017 Mortgage Docs\1104 U - Flagstar.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\Tom 2017 Mortgage Docs\2800 103 - Elevations.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\Tom 2017 Mortgage Docs\2800 112 - Elevations.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\Tom 2017 Mortgage Docs\2800 305 - Ocwen.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\Tom 2017 Mortgage Docs\2800 306 - Ocwen.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\Tom 2017 Mortgage Docs\4888 Hopkins - Elevations.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\Tom 2017 Mortgage Docs\Guaranty - All.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\001 LLC Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\002 Properties:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\003 Invoices:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\003 Invoices\001 Tenant Charges:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\002 Properties\001 Property 1:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\002 Properties\001 Property 1\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\002 Properties\001 Property 1\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\002 Properties\001 Property 1\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\002 Properties\001 Property 1\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\002 Properties\001 Property 1\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\002 Properties\001 Property 1\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\002 Properties\001 Property 1\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\002 Properties\001 Property 1\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\001 LLC Documents\001 Foundational Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\001 LLC Documents\002 Meeting Minutes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\010 Template\001 LLC Documents\003 Misc Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\008 1390 Fairfield Dr\001 Invoices:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\007 1125 Francis\1125 Francis - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\007 1125 Francis\1125 Francis - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\E+O INSURANCE 14:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\Ins 101:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\Ins 102:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\Ins 103:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\Ins 1048 11th:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\Ins 112:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\ins 1125:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\ins 303 and 304:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\ins 305:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\Ins 306:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\Ins 903 18th:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\ins 907 University:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\Ins 918 Pleasant:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\ins 932 Marine:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\ins 962 pleasant:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\insurance 1104 university:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\Insurance 1390 Fairfield:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\insurance Liability 1390 Pearl policies:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\Insurance, liability 704 Corp:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\ins 932 Marine\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\Ins 918 Pleasant\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\006 Tom's Files\ins 907 University\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\001 LLC Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\003 Invoices:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\003 Invoices\2013-2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\003 Invoices\2014-2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\003 Invoices\2015-2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\003 Invoices\2016-2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\003 Invoices\2017-2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\003 Invoices\Tenant Charges:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\003 Invoices\2013-2014\New folder:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\002 2800 Aurora 304:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\002 2800 Aurora 304\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\002 2800 Aurora 304\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\002 2800 Aurora 304\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\002 2800 Aurora 304\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\002 2800 Aurora 304\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\002 2800 Aurora 304\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\002 2800 Aurora 304\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\002 2800 Aurora 304\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\002 2800 Aurora 304\007 Taxes\2800 Aurora 304 - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\002 2800 Aurora 304\007 Taxes\2800 Aurora 304 - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\007 Taxes\2800 Aurora 303 - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\007 Taxes\2800 Aurora 303 - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\001 Property Management\2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\001 Property Management\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\001 Property Management\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\001 Property Management\2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\001 Property Management\2018\2800 Aurora 303 - Owner Statement 01-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\001 Property Management\2018\2800 Aurora 303 - Owner Statement 02-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\001 Property Management\2018\2800 Aurora 303 - Owner Statement 03-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\001 Property Management\2018\2800 Aurora 303 - Owner Statement 04-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\001 Property Management\2018\2800 Aurora 303 - Owner Statement 05-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\002 Properties\001 2800 Aurora 303\001 Property Management\2018\2800 Aurora 303 - Owner Statement 06-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\001 LLC Documents\001 Foundational Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\001 LLC Documents\002 Meeting Minutes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\005 Towne Preston\001 LLC Documents\003 Misc Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\001 LLC Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2013-2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2014-2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2015-2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2016-2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\00 Grenoble - Cline & Associates 27076.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\2800 101 - Pillar 3898.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\2800 101 - Pillar 4032.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\2800 305 903 18th - Briggs 2006 2011.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\4888 Hopkins - Big M 18321.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\4888 Hopkins - Big M 18424.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\4888 Hopkins - Northcreek HOA Annual Dues.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\907 U - Briggs 1941.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\907 U - Briggs 1970 1963 1964 1967 1948 1959 Home Depot Wayne Bennett Nicos Maintenance.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\907 U - Briggs 1983 1990.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\907 U - Home Depot Dryer.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\003 Invoices\2017-2018\907 U 2800 112 305 - Bennett 1066 A & M Window 6431 6432 AP Handyman 9.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\004 2800 Aurora 112:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\006 4888 Hopkins Pl:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\006 4888 Hopkins Pl\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\006 4888 Hopkins Pl\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\006 4888 Hopkins Pl\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\006 4888 Hopkins Pl\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\006 4888 Hopkins Pl\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\006 4888 Hopkins Pl\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\006 4888 Hopkins Pl\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\006 4888 Hopkins Pl\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\006 4888 Hopkins Pl\007 Taxes\4888 Hopkins - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\006 4888 Hopkins Pl\007 Taxes\4888 Hopkins - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\007 Taxes\2800 Aurora 305 - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\007 Taxes\2800 Aurora 305 - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\004 Leases\2013-2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\005 2800 Aurora 305\004 Leases\2014-2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\004 2800 Aurora 112\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\004 2800 Aurora 112\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\004 2800 Aurora 112\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\004 2800 Aurora 112\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\004 2800 Aurora 112\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\004 2800 Aurora 112\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\004 2800 Aurora 112\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\004 2800 Aurora 112\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\004 2800 Aurora 112\007 Taxes\2800 Aurora 112 - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\004 2800 Aurora 112\007 Taxes\2800 Aurora 112 - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\007 Taxes\2800 Aurora 101 - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\007 Taxes\2800 Aurora 101 - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\004 Leases\2013-2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\004 Leases\2014-2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management\2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management\2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management\2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management\2018\2800 Aurora 101 - Owner Statement 01-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management\2018\2800 Aurora 101 - Owner Statement 02-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management\2018\2800 Aurora 101 - Owner Statement 03-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management\2018\2800 Aurora 101 - Owner Statement 04-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management\2018\2800 Aurora 101 - Owner Statement 05-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\003 2800 Aurora 101\001 Property Management\2018\2800 Aurora 101 - Owner Statement 06-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\007 Taxes\907 University - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\007 Taxes\907 University - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\002 Insurance\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\002 Insurance\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\002 Insurance\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\002 Insurance\2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\002 907 University Ave\002 Insurance\2018\907 U - Insurance 2018.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St\008 Misc\903 18th - HOA Assessment 2018.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St\007 Taxes\903 18th St - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\002 Properties\001 903 18th St\007 Taxes\903 18th St - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\001 LLC Documents\001 Foundational Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\001 LLC Documents\002 Meeting Minutes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\004 Grenoble Best\001 LLC Documents\003 Misc Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\001 LLC Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2013-2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2014-2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2015-2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2016-2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2017-2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2017-2018\00 Atlas - Cline & Associates 27075.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2017-2018\2800 102 103 918 P 962 P - Briggs 1962 1958 1952 1949 1946 1960 1969 1968 1961 1947 1950 Utopia Mechanical Nicos Maintenance.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2017-2018\2800 306 - Pillar 3908.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2017-2018\918 P - All Phase Cleaning Briggs 1965 Home Depot.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2017-2018\918 P - Briggs 2010.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2017-2018\918 P - PG Rentals SR918.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2017-2018\918 P 2800 306 - Pillar 3611 3747 3744.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2017-2018\918 P 962 P 2800 102 103 - Briggs 2022 Home Depot Hi Tech 197059 Bennett 1067 1068.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\003 Invoices\2017-2018\918 P 962 P 2800 103 - Briggs 1984 1985 1991 1992 Home Depot.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\003 2800 Aurora 102:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\004 2800 Aurora 103:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\007 Taxes\2800 Aurora 306 - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\007 Taxes\2800 Aurora 306 - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\004 Leases\2013-2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\004 Leases\2014-2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management\2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management\2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management\2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management\2018\2800 Aurora 306 - Owner Statement 01-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management\2018\2800 Aurora 306 - Owner Statement 02-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management\2018\2800 Aurora 306 - Owner Statement 03-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management\2018\2800 Aurora 306 - Owner Statement 04-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management\2018\2800 Aurora 306 - Owner Statement 05-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\005 2800 Aurora 306\001 Property Management\2018\2800 Aurora 306 - Owner Statement 06-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\004 2800 Aurora 103\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\004 2800 Aurora 103\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\004 2800 Aurora 103\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\004 2800 Aurora 103\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\004 2800 Aurora 103\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\004 2800 Aurora 103\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\004 2800 Aurora 103\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\004 2800 Aurora 103\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\004 2800 Aurora 103\007 Taxes\2800 Aurora 103 - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\004 2800 Aurora 103\007 Taxes\2800 Aurora 103 - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\003 2800 Aurora 102\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\003 2800 Aurora 102\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\003 2800 Aurora 102\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\003 2800 Aurora 102\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\003 2800 Aurora 102\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\003 2800 Aurora 102\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\003 2800 Aurora 102\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\003 2800 Aurora 102\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\003 2800 Aurora 102\007 Taxes\2800 Aurora 102 - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\007 Taxes\962 Pleasant - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\007 Taxes\962 Pleasant - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\002 Insurance\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\002 Insurance\2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\002 962 Pleasant\002 Insurance\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant\007 Taxes\918 Pleasant - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant\007 Taxes\918 Pleasant - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\002 Properties\001 918 Pleasant\005 Smartregs\918 Pleasant Rental License 2017.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\001 LLC Documents\001 Foundational Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\001 LLC Documents\002 Meeting Minutes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\003 Atlas Investments\001 LLC Documents\003 Misc Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\001 LLC Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\001 Invoices:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\003 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\004 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\001 Invoices\2015-2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\001 Invoices\2016-2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\001 Invoices\2017-2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\001 1220 Cedar Ave:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\001 1220 Cedar Ave\00 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\001 1220 Cedar Ave\1220 Cedar - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\001 1220 Cedar Ave\00 Property Management\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\001 1220 Cedar Ave\00 Property Management\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\001 1220 Cedar Ave\00 Property Management\2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\001 1220 Cedar Ave\00 Property Management\2018\1220 Cedar Ave - Owner Statement 03-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\002 Flagstar Mortgage Docs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\003 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\003 Taxes:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\1390 Fairfield Dr - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\003 Taxes\1390 Fairfield - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\001 Property Management\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\001 Property Management\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\001 Property Management\2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\001 Property Management\2018\1390 Fairfield Dr - Owner Statement 01-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\001 Property Management\2018\1390 Fairfield Dr - Owner Statement 03-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\006 Denning Costin\000 Properties\000 1390 Fairfield Dr\001 Property Management\2018\1390 Fairfield Dr - Owner Statement 04-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\001 LLC Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\003 Invoices:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\003 Invoices\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\003 Invoices\2015-2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\003 Invoices\2016-2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\003 Invoices\2017-2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\003 Invoices\Tenant Charges:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\003 Invoices\2017-2018\1104 University - Cline & Associates 27058.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\003 Invoices\2017-2018\1104 University - Pillar 3737.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\003 Invoices\2017-2018\1104 University - Pillar 3769.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\009 Remodel:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\1104_pics_for_insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\01 Jan 2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\02 Feb 2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\02 Feb 2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\03 Mar 2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\03 Mar 2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\04 Apr 2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\04 Apr 2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\05 May 2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\05 May 2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\06 Jun 2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\06 Jun 2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\07 Jul 2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\07 Jul 2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\07 Jul 2018\Jul 2018 1104 University Co-Owner Statement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\07 Jul 2018\Jul 2018 Aegis.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\07 Jul 2018\Jul 2018 Profit & Loss.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\07 Jul 2018\Jul 2018 Wells Fargo.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\06 Jun 2018\Jun 2018 1104 University Co-Owner Statement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\06 Jun 2018\Jun 2018 Aegis.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\06 Jun 2018\Jun 2018 Profit & Loss.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\06 Jun 2018\Jun 2018 Wells Fargo.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\05 May 2018\1104 Xcel project down payment invoice.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\05 May 2018\May 2018 1104 University Co-Owner Statement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\05 May 2018\May 2018 Aegis.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\05 May 2018\May 2018 Profit & Loss.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\05 May 2018\May 2018 Wells Fargo.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\04 Apr 2018\Apr 2018 1104 University Co-Owner Statement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\04 Apr 2018\Apr 2018 1104.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\04 Apr 2018\Apr 2018 Profit & Loss.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\04 Apr 2018\Apr 2018 Wells Fargo.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\03 Mar 2018\Mar 2018 1104 University Co-Owner Statement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\03 Mar 2018\Mar 2018 1104.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\03 Mar 2018\Mar 2018 Profit & Loss.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\03 Mar 2018\Mar 2018 Wells Fargo.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\02 Feb 2018\Feb 2018 - 1104 University Co-Owner Statement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\02 Feb 2018\Feb 2018 1104 Statement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\02 Feb 2018\Feb 2018 Profit & Loss.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\02 Feb 2018\Feb 2018 Wells Fargo.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\01 Jan 2018\Jan 2018 - 1104 University Co-Owner Statement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\01 Jan 2018\Jan 2018 1104 Statement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2018\01 Jan 2018\Jan 2018 Profit & Loss.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\01 Jan 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\02 Feb 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\03 Mar 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\04 Apr 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\05 May 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\06 June 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\07 July 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\08 Aug 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\09 Sep 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\10 Oct 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\11 Nov 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2017\12 Dec 2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2016\001 Jan -Mar:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2016\002 Apr 2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2016\003 May 2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2016\004 Jun 2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2016\005 Jul 2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2016\006 Aug 2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2016\007 Sep 2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2016\008 Oct 2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2016\009 Nov 2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\010 Monthly Statements\2016\010 Dec 2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\008 Misc\1104 Xcel project down payment invoice.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\007 Taxes\1104 University - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\007 Taxes\1104 University- 2017 Tax 2nd Payment Statement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\007 Taxes\1104 University- 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\003 Bank Statements\Aegis - WF statement (01-2018).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\003 Bank Statements\Aegis - WF statement (02-2018).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\003 Bank Statements\Aegis - WF statement (03-2018).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\003 Bank Statements\Aegis - WF statement (04-2018).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\003 Bank Statements\Aegis - WF statement (05-2018).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\003 Bank Statements\Aegis - WF statement (06-2018).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\003 Bank Statements\Aegis - WF statement (10-2017).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\003 Bank Statements\Aegis - WF statement (12-2017).pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\002 Insurance\1104 University - Insurance 2017-2018 Statement.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management\2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management\2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management\2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management\2018\1104 University - Owner Statement 01-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management\2018\1104 University - Owner Statement 02-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management\2018\1104 University - Owner Statement 03-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management\2018\1104 University - Owner Statement 04-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management\2018\1104 University - Owner Statement 05-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\002 Properties\1104 University\001 Property Management\2018\1104 University - Owner Statement 06-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\005 Aegis Investments\001 LLC Documents\001 Foundational Docs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\001 LLC Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\003 Invoices:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\003 Invoices\001 Tenant Charges:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\003 Invoices\2013-2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\003 Invoices\2014-2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\003 Invoices\2016-2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\002 1855 Folsom St:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\002 1855 Folsom St\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\002 1855 Folsom St\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\002 1855 Folsom St\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\002 1855 Folsom St\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\002 1855 Folsom St\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\002 1855 Folsom St\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\002 1855 Folsom St\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\002 1855 Folsom St\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\002 1855 Folsom St\007 Taxes\1855 Folsom St - 2018 Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\002 1855 Folsom St\002 Insurance\1855 Folsom - 2018 Vacant Land Ins.PDF:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\008 Misc\Renovation:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\004 Leases\2013-2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\004 Leases\2014-2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\003 Bank Statements\2013:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\003 Bank Statements\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\001 Property Management\2013:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\001 Property Management\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\002 Properties\001 1065 10th St\001 Property Management\2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\001 LLC Documents\001 Foundational Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\001 LLC Documents\002 Meeting Minutes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\004 4301 LLC\001 LLC Documents\003 Tax Returns:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\001 LLC Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\003 Invoices:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\003 Invoices\001 Tenant Charges:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\003 Invoices\2014-2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\003 Invoices\2015-2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\003 Invoices\2016-2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\002 2800 Aurora 304:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\002 2800 Aurora 304\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\002 2800 Aurora 304\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\002 2800 Aurora 304\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\002 2800 Aurora 304\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\002 2800 Aurora 304\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\002 2800 Aurora 304\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\002 2800 Aurora 304\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\002 2800 Aurora 304\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303\001 Property Management\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303\001 Property Management\2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\002 Properties\001 2800 Aurora 303\001 Property Management\2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\001 LLC Documents\001 Foundational Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\001 LLC Documents\002 Meeting Minutes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\003 Towne Preston LLC\001 LLC Documents\003 Tax Returns:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\001 LLC Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\001 Tenant Charges:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\2013-2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\2014-2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\2015-2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\2016-2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\2017-2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\2017-2018\1048 11th - Pillar 3771.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\2017-2018\1048 11th - Pillar 3832.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\2017-2018\932 Marine - Hi Tech 198262.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\2017-2018\932 Marine - New Windows for America 022818-MArine.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\2017-2018\932 Marine - Pillar 3778.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\003 Invoices\2017-2018\932 Marine - Pillar 4096.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\008 Misc\1048 11th St - MLS.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\008 Misc\1048 11th St - Public Record.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\008 Misc\1048 11th Unit A - Inspection:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\008 Misc\1048 11th Unit A - Inspection:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\008 Misc\1048 11th Unit B - Inspection:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\008 Misc\1048 11th Unit B - Inspection:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\008 Misc\Renovation:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\007 Taxes\1048 11th St - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\007 Taxes\1048 11th St - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\004 Leases\2013:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\004 Leases\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\003 Bank Statements\2013:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\003 Bank Statements\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\002 Insurance\2013:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\002 Insurance\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\002 Insurance\2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\002 Insurance\2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\002 Insurance\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\002 Insurance\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\002 Insurance\2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\002 Insurance\2018\1048 11th Declaration.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2013:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2018\1048 11th - Owner Statement 01-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2018\1048 11th - Owner Statement 02-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2018\1048 11th - Owner Statement 03-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2018\1048 11th - Owner Statement 04-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2018\1048 11th - Owner Statement 05-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\002 1048 11th St\001 Property Management\2018\1048 11th - Owner Statement 06-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\002 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\003 Bank Statements:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\004 Leases:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\005 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\006 Rental License:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\007 Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\008 Misc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\007 Taxes\932 Marine St - 2012 Tax 1st Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\007 Taxes\932 Marine St - 2012 Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\007 Taxes\932 Marine St - 2013 Tax 1st Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\007 Taxes\932 Marine St - 2013 Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\007 Taxes\932 Marine St - 2016 Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\007 Taxes\932 Marine St - 2017 Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\007 Taxes\932 Marine St - 2018 Property Tax 2nd Payment.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\007 Taxes\932 Marine St - 2018 Property Tax.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\004 Leases\2012-2013:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\004 Leases\2013-2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\004 Leases\2014-2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\003 Bank Statements\2013:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\003 Bank Statements\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\002 Insurance\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\002 Insurance\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\002 Insurance\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\002 Insurance\2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\002 Insurance\2018\932 Marine St - Insurance 2018.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2013:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2014:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2015:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2016:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2017:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2018:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2018:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2018\932 Marine - Owner Statement 01-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2018\932 Marine - Owner Statement 02-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2018\932 Marine - Owner Statement 03-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2018\932 Marine - Owner Statement 04-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2018\932 Marine - Owner Statement 05-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\002 Properties\001 932 Marine St\001 Property Management\2018\932 Marine - Owner Statement 06-18.pdf:com.dropbox.attrs:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\001 LLC Documents\001 Foundational Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\001 LLC Documents\002 Meeting Minutes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\002 Sabre Regis LLC\001 LLC Documents\003 Misc Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\001 LLC Documents\001 Foundational Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\001 LLC Documents\002 Meeting Minutes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\002 Tarroco\001 LLC Documents\003 Misc Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\001 Overview Documents\001 Overview:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\001 Overview Documents\002 Smartregs:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\001 Overview Documents\003 Rental Certificates:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\001 Overview Documents\004 Property Taxes:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\001 Overview Documents\005 Insurance:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\001 Overview Documents\002 Smartregs\Smartregs Certificates:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\Property Management\001 Overview Documents\002 Smartregs\Smartregs Tests:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\1125-1147 Francis St - Estoppels - Fully Executed\Counseling:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\1125-1147 Francis St - Estoppels - Fully Executed\Las Palmas:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\1125-1147 Francis St - Estoppels - Fully Executed\Ragazzi:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\1125-1147 Francis St - Estoppels - Fully Executed\Smoothie Facotry:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\1125-1147 Francis St - Estoppels - Fully Executed\Wing Shack:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Dropbox\1125-1147 Francis St - Estoppels - Fully Executed\Ziggi's:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Desktop\2018 Community Services:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Desktop\2018 Toms Scanned Documents:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Desktop\1-2018 Managed Stuff\1220 cedar B:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Desktop\1-2018 Managed Stuff\1390 Fairfield mgt folder:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Desktop\1-2018 Managed Stuff\1390 Fairfield mgt folder\1390 Fairfield:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Desktop\1-2018 Managed Stuff\1390 Fairfield mgt folder\2017 sales and prop management:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Desktop\1-2018 Managed Stuff\1390 Fairfield mgt folder\Loan Information:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Desktop\1-2018 Managed Stuff\1390 Fairfield mgt folder\new overhead light etc:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Desktop\1-2018 Managed Stuff\1390 Fairfield mgt folder\refinance Fairfield:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Desktop\1-2018 Managed Stuff\1220 cedar B\emails:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\tom work\Desktop\1-2018 COMMISSION\1-2018 win the day:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\ProgramData\Trusteer\Rapport\store\exts:Win32App_1:$DATA"
File:"Unknown ADS","C:\ProgramData\Apple\Apple Application Support\kdrl:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Apple Software Update:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Bonjour:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\BrokerMetrics:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Novatel Wireless:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Verizon Wireless\VZAccess Manager:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Verizon Wireless\Firmware Updates\Novatel:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Trusteer\Rapport\bin\x64:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\Update Core:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Novatel Wireless\Verizon:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office16:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Dropbox\Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\microsoft shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Bonjour\Bonjour.Resources:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Adobe\Acrobat Reader DC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Bonjour:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\UNP:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Control Panel Client:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Display.NvContainer:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{28E61295-7678-449D-96F7-4DF97A12A8AA}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Optimus.{56209314-104F-4527-AF69-DA05FFF331E7}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\Display.Update.{0E8A70F7-13D6-4A1B-AA51-75E0A2FAF8A0}:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\Apple\Apple Application Support:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\Apple\Mobile Device Support:Win32App_1:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Provider"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","CBP"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","DPA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center","Provider"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","CBP"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","DPA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

Emsisoft Emergency Kit - Version 2018.6
Last update: 7/14/2018 8:05:15 AM
User account: DESKTOP-RSNIP8M\tom work
Computer name: DESKTOP-RSNIP8M
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 7/14/2018 8:05:38 AM

Scanned 82159
Found 0

Scan end: 7/14/2018 8:07:19 AM
Scan time: 0:01:41

RogueKiller V12.12.26.0 (x64) [Jul 9 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : tom work [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 07/14/2018 07:25:37 (Duration : 00:18:15)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{669C25F9-C476-4AB1-BECD-F988E60C6B1A}C:\users\tom work\appdata\local\ringcentral\softphoneapp\softphone.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\tom work\appdata\local\ringcentral\softphoneapp\softphone.exe|Name=softphone.exe|Desc=softphone.exe|Defer=User| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8C13EEA0-3C14-4DB3-A10D-4A54F95B55A9}C:\users\tom work\appdata\local\ringcentral\softphoneapp\softphone.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\tom work\appdata\local\ringcentral\softphoneapp\softphone.exe|Name=softphone.exe|Desc=softphone.exe|Defer=User| [7] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZFLV512HCJH-000MV +++++
--- User ---
[MBR] b4da89c74aa115ba696ced0fdf886ccf
[BSP] e18ec1fd312d2da4dfd7beac1dfe8e62 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 487137 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 998453248 | Size: 860 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

please let me know if you need anything else.

Thank you.

Juliet

2018-07-15, 12:10

Highlight the entire content of the quote box below and select Copy.

Start::
CloseProcesses:
CreateRestorePoint:
2018-07-11 11:46 - 2018-07-11 11:46 - 000479816 _____ (Microsoft Corporation) C:\Users\tom work\AppData\Local\Temp\SurfaceBaseFwUpdate.dll
AlternateDataStreams: C:\Users\tom work\Desktop\2018 Community Services:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tom work\Desktop\2018 Toms Scanned Documents:com.dropbox.attributes [168]
Emptytemp:
End::

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

Is the computer functioning as it should?

nakkan13

2018-07-16, 00:37

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by tom work (15-07-2018 16:25:58) Run:1
Running from C:\Users\tom work\Desktop
Loaded Profiles: tom work (Available Profiles: defaultuser0 & tom work)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
2018-07-11 11:46 - 2018-07-11 11:46 - 000479816 _____ (Microsoft Corporation) C:\Users\tom work\AppData\Local\Temp\SurfaceBaseFwUpdate.dll
AlternateDataStreams: C:\Users\tom work\Desktop\2018 Community Services:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tom work\Desktop\2018 Toms Scanned Documents:com.dropbox.attributes [168]
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\tom work\AppData\Local\Temp\SurfaceBaseFwUpdate.dll => moved successfully
C:\Users\tom work\Desktop\2018 Community Services => ":com.dropbox.attributes" ADS removed successfully
C:\Users\tom work\Desktop\2018 Toms Scanned Documents => ":com.dropbox.attributes" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26349192 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 849584 B
Edge => 5762 B
Chrome => 396325657 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 19166 B
LocalService => 0 B
NetworkService => 3510 B
NetworkService => 0 B
defaultuser0 => 0 B
tom work => 832900701 B

RecycleBin => 101658 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:26:24 ====

The computer at times has run a bit slow, a couple if times the start bar has disappeared and had to ctrl alt del to shut down. It is also connected to several monitors and the configuration on that keeps getitng messed up.

Thank you

Juliet

2018-07-16, 11:40

The computer at times has run a bit slow, a couple if times the start bar has disappeared and had to ctrl alt del to shut down. It is also connected to several monitors and the configuration on that keeps getitng messed up.
Is there a Taskbar along the bottom of the screen? If there is there is a little windows icon at the left end. This is the start button. If the Taskbar is not there try to run the mouse arrow t the bottom of the screen and the Taskbar may show up. If it does then while it is up right click on a blank area of the Taskbar and select Properties and uncheck the Hide Taskbar box. Then the Taskbar will show at the bottom of the screen.

Check for configuration settings at the link below.
Windows 10: Multiple Displays
https://www.tenforums.com/tutorials/21084-multiple-displays-change-settings-layout-windows-10-a.html

Juliet

2018-07-21, 14:19

Still need help?

nakkan13

2018-07-22, 17:48

I am unsure if I still need help with his computer. It seems to be working better now. Is there any other test I should run for it?

Juliet

2018-07-22, 19:54

I think we've done all we can do.

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

http://i.imgur.com/BWuhenj.pngDelFix
Follow the instructions below to download and execute DelFix.

Download DelFix (https://toolslib.net/downloads/viewdownload/2-delfix/) and move the executable to your Desktop
Right-click on DelFix.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Check the following options :

Activate UAC
Remove disinfection tools
Create registry backup
Reset system settings

Once all the options mentionned above are checked, click on Run
After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

Juliet

2018-07-28, 13:06

Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.