Messages - Ozzie

16
Analysis and Malware Removal / Re: File Type Question
« on: January 26, 2017, 07:35:51 PM »
I posted the Addition.txt at 3:05:33 up above. 

I was also able to get a print screen of that DOS screen that pops up now.  Should I share the content here or send it to you privately, if there is a way to do so?

17
Analysis and Malware Removal / Re: File Type Question
« on: January 26, 2017, 04:46:42 PM »
I just tried to download the newest version of Malwarebytes twice and failed because of the below that appeared in a popup box with a yellow triangle.  I attempted the Retry button several times and the same popup always appeared.  Maybe this has some significance.


C:\WINDOWS\system32\drivers\mbae64.sys

An error occurred while trying to replace the existing file:
DeleteFile failed; code 5
Access is denied.

Click Retry to try again, Ignore to skip this file (not
recommended), or Abort to cancel installation.

18
Analysis and Malware Removal / Re: File Type Question
« on: January 26, 2017, 03:13:10 PM »
Corinne, would you like me to run FRST without checking all the boxes and post those results?  I honestly did not know what I was doing when I first ran it. 

Also, I have noticed when the computer starts and just before everything is ready to go, a very quick flash of a DOS screen comes up with one line of text.  It is so fast that I cannot read it, nor have I been quick enough to create a PrntScrn.  That used to never occur, so don't know if it has something to do with this ransomware or not, but thought it worth mentioning.

19
Analysis and Malware Removal / Re: File Type Question
« on: January 26, 2017, 03:05:33 PM »
Here is the Addition.txt log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by nepta (24-01-2017 14:28:00)
Running from C:\Users\nepta\Downloads
Windows 10 Pro Insider Preview Version 1607 (X64) (2016-12-22 01:52:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3155403222-1004678540-3907824167-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3155403222-1004678540-3907824167-503 - Limited - Disabled)
Guest (S-1-5-21-3155403222-1004678540-3907824167-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3155403222-1004678540-3907824167-1005 - Limited - Enabled)
nepta (S-1-5-21-3155403222-1004678540-3907824167-1001 - Administrator - Enabled) => C:\Users\nepta

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 369.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 369.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Software Update Wizard (Redistributable) 4.5 (HKLM-x32\...\Software Update Wizard (Redistributable)) (Version: 4.5 - PowerProgrammer)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SplashShopper Desktop 3.1.0 (HKLM-x32\...\SplashShopper Desktop) (Version: 3.1.0 - SplashData)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Xmarks for IE (HKLM-x32\...\{ABFA6EAE-C9C0-4B39-B722-02094EF6B889}) (Version: 127.0.177 - Xmarks)
YNAB 4 version 4.3.857 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.857 - YouNeedABudget.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04771B00-E472-4CA7-B478-E2DCAD3DDFE7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {0BE0FB80-2013-4937-8462-C3EF4E350231} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-13] (Google Inc.)
Task: {18A4D7EE-CCD8-4D33-9904-9064CF8A5DD9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2F431CA5-1A07-4DBF-B9FB-E13EB2E94F84} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged
Task: {439B6DE1-58F7-48A1-AD8B-5B1EBC6CD269} - \Microsoft\XblGameSave\XblGameSaveTask\Logon -> No File <==== ATTENTION
Task: {5690CAE8-4FA1-42A9-9538-B06E4673EB24} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint
Task: {7597ADD9-C074-4C1E-A4A0-2650C0686697} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2016-12-03] (Microsoft Corporation)
Task: {783E8AC2-3F32-4DE5-9F06-C062E4762819} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {7BFC09BB-DC63-4BD5-8011-5D65B94B3F11} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {A32A7355-CF98-41E0-B886-B6B74534B3CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-13] (Google Inc.)
Task: {AC707944-592E-444D-86B0-D4A4019DCA71} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {E326602E-A55A-4DB3-8428-67A57CF0EB7C} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2016-12-03] (Microsoft Corporation)
Task: {E9073F07-64D7-4A00-A6AA-B1FDAEE0FF88} - System32\Tasks\{2746715E-41F5-45F6-87C8-F6AD1333CC64} => pcalua.exe -a "C:\Program Files (x86)\Wondershare\MobileGo\unins000.exe" -c /WAF
Task: {EF82857E-6B76-45B1-9FE1-AD22C9553C59} - System32\Tasks\GoogleUpdateTaskMachineCore1d1b446eafdf7a7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-13] (Google Inc.)
Task: {F19CEB9F-AAB9-459F-9C7B-29DD4EF0617A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F80142CF-167E-4F3D-BF86-F9531AD8E1B7} - System32\Tasks\Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask
Task: {FC0D430B-2A86-4FC5-988C-29544DBCE340} - System32\Tasks\{3B8F5E62-39B9-47BB-8AE7-DEB6E12BD22B} => pcalua.exe -a C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YINSHVA.EXE -c /R /APD /P:"EPSON WorkForce 645 Series"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\nepta\AppData\Local\685b23\0a1e0a.lnk -> C:\Users\nepta\AppData\Local\685b23\ee2b2d.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-12-03 08:34 - 2016-12-03 08:34 - 03142840 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00347136 _____ () C:\Windows\System32\HrtfApo.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03142840 _____ () c:\windows\system32\CoreUIComponents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03142840 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-21 19:58 - 2016-12-21 19:58 - 01678560 _____ () C:\Users\nepta\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2017-01-18 09:08 - 2017-01-18 09:08 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-18 09:08 - 2017-01-18 09:08 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00148752 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00186368 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00816640 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 10812416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 02004480 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01100800 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 05280256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03142840 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-21 19:30 - 2016-08-01 06:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-01-21 08:52 - 2017-01-21 08:52 - 03865600 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-12-13 10:36 - 2016-12-13 10:36 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 03142840 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00410896 _____ () C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2016-12-09 15:44 - 2016-12-08 01:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-09 15:44 - 2016-12-08 01:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-12-13 10:36 - 2016-12-13 10:36 - 12163072 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2016-12-13 10:36 - 2016-12-13 10:36 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-05-07 07:09 - 2016-05-07 07:09 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-08-20 10:17 - 2016-08-20 10:17 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
2015-11-04 12:40 - 2015-10-11 21:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Software\Classes\05592: "C:\WINDOWS\system32\mshta.exe" "javascript:qQDHE1RB8="Mzhx5ZR";Ba8=new ActiveXObject("WScript.Shell");HCenQii8="bzZ";q4GcW=Ba8.RegRead("HKCU\\software\\lcepqwksl\\apojauvq");lEkDKq6="LjAo";eval(q4GcW);F55NPtu="ix";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-19 16:09 - 2015-10-19 16:07 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Control Panel\Desktop\\Wallpaper -> c:\users\nepta\pictures\wallpaper\12122952_1169510753063347_5170063591229541779_n.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [holoshellapp-In-TCP] => %systemroot%\holoshell\holoshellapp.exe
FirewallRules: [holoshellapp-Out-TCP] => %systemroot%\holoshell\holoshellapp.exe
FirewallRules: [compositor-In-TCP] => LPort=48862
FirewallRules: [compositor-Out-TCP] => LPort=48862
FirewallRules: [{38749D41-9B19-423A-8772-CF4A598E41CC}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BF921DD7-EDF3-4D31-93C6-31A21DB129FF}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C0409259-95BE-489A-96E7-3FC59394A6E5}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2AFAB629-77CC-45E7-9A7F-8722C449D2BE}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{000DEFFA-6821-4F9B-ACDD-AF56E8C2E22E}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4008ED15-426B-4E27-8FF2-A6638805D27F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4B63113D-EA0B-4334-A428-3C3A67BCCFE5}] => C:\Program Files (x86)\SplashData\SplashShopper Desktop\SplashShopper Desktop.exe
FirewallRules: [{4D894AA0-7D8E-45E3-AD73-ED06CBC619FD}] => C:\Program Files (x86)\SplashData\SplashShopper Desktop\SplashShopper Desktop.exe
FirewallRules: [{6DE609A2-112E-4504-8DBB-C54963EB629F}] => I:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{4F31EDE2-4DE3-4856-A4C3-7CC1BC03A36E}] => I:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{0879753D-6892-4962-8665-C1AB3929BA56}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5C8BE526-A1C4-484B-851F-7FA123CC3083}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C0DE496C-975C-4700-ACAB-5CF8ED569EF3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A0ADBAC6-FF70-40D4-82B7-4E7AB6C87D3D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FAEF4F61-0D68-4974-B158-1F1D88F613F5}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{34811BD7-5AA1-4154-8096-5D2AFD62A2B0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4E8F7955-1A2A-4D38-9A0A-26F8B1C0D081}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1183227F-8F60-44F4-BFD6-483BB0626E0E}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{CC4603FF-F649-42C0-B5E9-D15CA97CEEF1}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{480D28FB-7A85-495C-A76E-7DB65B81B845}] => C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{8F52466D-0E61-4E99-879D-0D65035E3032}] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{613F0329-2ED0-4ACB-B989-D99B368BE058}] => LPort=5357
FirewallRules: [{EE96252E-7B53-4693-AEE8-A71435FCAA1B}] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe

==================== Restore Points =========================

24-01-2017 11:44:04 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2017 02:20:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x2708
Faulting application start time: 0x01d2767de5ff3258
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f5587d52-a24e-4860-8d30-d00f3678faaa
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 02:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_ResetEng.dll, version: 10.0.14986.1000, time stamp: 0x4067e605
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000409
Fault offset: 0x00000000000957ef
Faulting process id: 0x2a94
Faulting application start time: 0x01d2767dd3d7699a
Faulting application path: C:\WINDOWS\system32\rundll32.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 4c5d09f9-5f34-4678-9c31-2b382d6cc0f9
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 02:05:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x1950
Faulting application start time: 0x01d2767bcd2bfaaf
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 69c4132b-9eee-4a47-b25d-e695be67e65e
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 01:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x2d28
Faulting application start time: 0x01d2767a62c414b7
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 27e13a43-0e78-4021-b349-694029583fba
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 01:49:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_ResetEng.dll, version: 10.0.14986.1000, time stamp: 0x4067e605
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000409
Fault offset: 0x00000000000957ef
Faulting process id: 0x28e0
Faulting application start time: 0x01d2767af9b21589
Faulting application path: C:\WINDOWS\system32\rundll32.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 30361fb0-10a7-4757-8b22-056317e39741
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 01:45:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x2760
Faulting application start time: 0x01d27678f7257d2e
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 80d6a599-dcc0-4d5c-90be-267fe81f259d
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 01:34:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x209c
Faulting application start time: 0x01d276777d6bef1e
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a08f967e-cb15-45bb-bb18-929285d05152
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 01:21:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x1c68
Faulting application start time: 0x01d276734c56cf2d
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 4ef94bc0-05dc-4e6b-ba44-1cec53db137f
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 12:52:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_ResetEng.dll, version: 10.0.14986.1000, time stamp: 0x4067e605
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000409
Fault offset: 0x00000000000957ef
Faulting process id: 0x42c
Faulting application start time: 0x01d27673014f6918
Faulting application path: C:\WINDOWS\system32\rundll32.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 99fec37e-1aee-4d6a-8cec-770d4ded3f30
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 12:48:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.14986.1000, time stamp: 0x5fae2cca
Faulting module name: ntdll.dll, version: 10.0.14986.1000, time stamp: 0xd8fc5bf5
Exception code: 0xc0000005
Fault offset: 0x000000000003c53d
Faulting process id: 0x186c
Faulting application start time: 0x01d2767108c0529b
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8ba9c4b7-3efb-4db4-86b1-4324441417a3
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/24/2017 02:28:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 02:12:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 11:43:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 11:33:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 11:31:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/24/2017 11:31:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/24/2017 11:31:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/24/2017 11:31:39 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (01/24/2017 11:31:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/24/2017 11:31:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-01-24 11:35:49.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:35:49.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:54.490
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:54.489
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:53.624
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:53.622
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:23.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:28:23.694
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:14:04.299
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-24 11:14:04.298
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8174.52 MB
Available physical RAM: 4179.76 MB
Total Virtual: 9454.52 MB
Available Virtual: 4842.48 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.73 GB) (Free:808.77 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.25 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive k: (My Passport) (Fixed) (Total:930.86 GB) (Free:894.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4A1A018B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=12.2 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 00052F35)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

20
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 09:01:25 PM »
I apologize for it being so long.

21
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 09:00:45 PM »
20th continuation of FRST

Resume from Hibernate
---------------------
identifier              {1f85e35b-ad1f-11e6-a6b2-cd1b6bd63995}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {90ec7a02-ad1f-11e6-a6b2-cd1b6bd63995}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {3aefe89e-a4f1-11e4-a74f-990c0320d25c}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {67a5f5d2-a4f2-11e4-a74f-990c0320d25c}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {405b0c58-5878-11e5-ba10-d3779ebad293}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {1c337f50-5892-11e5-ba10-d3779ebad293}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {45383338-9fbd-11e5-bc98-a742e1ee1e86}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {0a3beb22-9fbe-11e5-bc98-a742e1ee1e86}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {595939b6-2103-11e5-9fe8-96955d914c1a}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {90d1b72e-2104-11e5-9fe8-96955d914c1a}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {5bac4a59-2050-11e6-848b-b0cf0c155543}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {ca4e4463-2050-11e6-848b-b0cf0c155543}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {6ac0f650-f199-11e4-b309-96fcc1ebdff1}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-GB
inherit                 {resumeloadersettings}
recoverysequence        {27b924d8-f19a-11e4-b309-96fcc1ebdff1}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {72d05f34-74d6-11e4-ab1c-9cb198ec84d4}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {c0563398-74d7-11e4-ab1c-9cb198ec84d4}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {74c4be10-3600-11e0-8ff1-0018716eb820}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {8362fcd7-ffa4-11e4-9d76-8f895f96bdb5}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {56d2cfbe-ffa5-11e4-9d76-8f895f96bdb5}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {8b93df4d-3e9c-11e6-b4ce-890e583dd6aa}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {5ed48d06-3e9d-11e6-b4ce-890e583dd6aa}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {9dccde00-5ef1-11e4-a253-a762ade906b2}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {89f532e4-5ef3-11e4-a253-a762ade906b2}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {a1420209-2c6e-11e5-9b7e-99b7c27ee180}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {aba9da96-2c6f-11e5-9b7e-99b7c27ee180}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {a9340868-26f8-11e5-92d8-c964757cb674}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {2af3ba9e-26f9-11e5-92d8-c964757cb674}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {aa5b5bcf-fe02-11e5-a48d-a04756c6d275}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {1817421a-fe03-11e5-a48d-a04756c6d275}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {b2e989df-4ada-11e5-90ec-a1eca10b6741}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {01381978-4adb-11e5-90ec-a1eca10b6741}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {b4fb9e1a-90ea-11e6-9cba-ce2631d934cd}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {362d5e24-90eb-11e6-9cba-ce2631d934cd}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {d0b36eaa-778d-11e5-bd80-df3b4abbd218}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {fa4c8e4c-778e-11e5-bd80-df3b4abbd218}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {d0f0ec58-4ef3-11e6-b864-8e4e49a5f15c}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {46bc2ade-4ef4-11e6-b864-8e4e49a5f15c}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {e86dc95c-5114-11e6-b299-cac8d5d6ee70}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {bd8e81a8-5115-11e6-b299-cac8d5d6ee70}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {eed82528-1c62-11e5-9523-b09403b1f74a}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {eed8252a-1c62-11e5-9523-b09403b1f74a}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {f5c59a7d-5d4d-11e4-b3b5-8fd73e18ab92}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {0bc6c150-5d4e-11e4-b3b5-8fd73e18ab92}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {f732e007-d33e-11e4-b541-bf24e1a268f6}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {bdae523f-d33f-11e4-b541-bf24e1a268f6}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {ffe3a91b-a82a-11e4-9f21-bbcb7c4ae7c6}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {4e494be6-a82c-11e4-9f21-bbcb7c4ae7c6}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {01381979-4adb-11e5-90ec-a1eca10b6741}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {0561ba6b-a4de-11e4-95f8-386077a7a31a}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {072c6105-50fa-11e6-baf2-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {07f471a4-3b00-11e1-8ee8-d0df9ade1364}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {0a3beb23-9fbe-11e5-bc98-a742e1ee1e86}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {0bc6c151-5d4e-11e4-b3b5-8fd73e18ab92}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {10e34318-3513-11e6-b390-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {1817421b-fe03-11e5-a48d-a04756c6d275}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {19a2ec41-2c54-11e5-99c3-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {1c337f51-5892-11e5-ba10-d3779ebad293}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {1c75c319-69ca-11e5-9cf9-9ab429923201}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {1f059db4-0e00-11e5-9654-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {2179e136-74c4-11e4-95dd-386077a7a31a}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {27b924d9-f19a-11e4-b309-96fcc1ebdff1}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {2af3ba9f-26f9-11e5-92d8-c964757cb674}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {33cbba83-585d-11e5-b6aa-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {362d5e25-90eb-11e6-9cba-ce2631d934cd}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {39802f99-0e1c-11e5-826f-9d41d4129edd}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {41b1de6c-4ac0-11e5-b6a5-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {46bc2adf-4ef4-11e6-b864-8e4e49a5f15c}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {4e494be7-a82c-11e4-9f21-bbcb7c4ae7c6}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {56d2cfbf-ffa5-11e4-9d76-8f895f96bdb5}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {59bbc8af-0652-11e5-9651-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {5d967430-26de-11e5-b69e-d0df9ade1364}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi


LastRegBack: 2017-01-18 11:49

==================== End of FRST.txt ============================

22
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:59:28 PM »
19th continuation of FRST

2016-12-03 08:33 - 2016-12-03 08:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidi2c.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00049424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00048912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\circlass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidir.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00046352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00045840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mausbip.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00045840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidinterrupt.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\devauthe.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00044352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00042768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbGDCoInstaller.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00040720 _____ (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\Drivers\sisraid2.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00040208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssmbios.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidusb.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00038128 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSSi_GPIO.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2016-12-03 08:33 - 2016-12-03 08:33 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\TsUsbGD.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00033552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbatt.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00033280 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\iagpio.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00032528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00032528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fdc.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthhfHid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wacompen.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CmBatt.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00029456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00028432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00027920 _____ (Mellanox) C:\WINDOWS\system32\Drivers\winmad.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00026896 _____ C:\WINDOWS\system32\Drivers\SDFRd.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00026896 _____ (Promise Technology, Inc.) C:\WINDOWS\system32\Drivers\stexstor.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npsvctrig.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDScan.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00024336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urschipidea.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00024336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00024280 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00023312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urssynopsys.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDPrint.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kdnic.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00022800 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdxata.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\genericusbfn.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AcpiDev.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00018704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmiacpi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsilog.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00016704 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtIntcLpioDMA.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MTConfig.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00015120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelide.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpipmi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00014656 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtPL080.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00014608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRTProxy.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00014096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\umpass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\errdev.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpitime.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serscan.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpipagr.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00012560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00012048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volume.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00011992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CIRCoInst.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00011536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00009728 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\bcmfn2.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00001913 _____ C:\WINDOWS\system32\@WindowsUpdate.240.png
2016-12-03 08:27 - 2016-12-28 22:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-03 02:56 - 2016-12-03 02:56 - 00000000 _____ C:\GLOB(0x2c46be4)
2016-12-03 02:56 - 2016-12-03 02:56 - 00000000 _____ C:\GLOB(0x2c1371c)
2016-12-03 02:56 - 2016-12-03 02:56 - 00000000 _____ C:\GLOB(0x2bea754)
2016-12-03 02:56 - 2016-12-03 02:56 - 00000000 _____ C:\GLOB(0x2a5572c)
2016-12-03 02:55 - 2017-01-24 11:52 - 00000000 ____D C:\Windows
2016-12-03 02:55 - 2017-01-24 11:36 - 00000000 ____D C:\WINDOWS\System32
2016-12-03 02:55 - 2017-01-24 11:31 - 16777216 _____ C:\WINDOWS\system32\config\SYSTEM
2016-12-03 02:55 - 2017-01-24 11:31 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-12-03 02:55 - 2017-01-24 11:31 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT
2016-12-03 02:55 - 2017-01-24 11:31 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY
2016-12-03 02:55 - 2017-01-24 10:44 - 00000000 ____D C:\WINDOWS\SysWOW64
2016-12-03 02:55 - 2017-01-24 10:24 - 06029312 _____ C:\WINDOWS\system32\config\DRIVERS
2016-12-03 02:55 - 2017-01-23 18:42 - 00000000 __RHD C:\Users\Default
2016-12-03 02:55 - 2017-01-06 13:46 - 29622272 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-03 02:55 - 2017-01-04 15:32 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-03 02:55 - 2017-01-03 12:24 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-03 02:55 - 2017-01-02 16:49 - 00069632 _____ C:\WINDOWS\system32\config\SAM
2016-12-03 02:55 - 2016-12-26 08:52 - 00000000 ____D C:\WINDOWS\Logs
2016-12-03 02:55 - 2016-12-23 12:22 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-03 02:55 - 2016-12-21 19:51 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-03 02:55 - 2016-12-21 19:34 - 00000000 ___RD C:\Users
2016-12-03 02:55 - 2016-12-21 19:30 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-03 02:55 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-03 02:55 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\servicing
2016-12-03 02:55 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-12-03 02:55 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-03 02:55 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-12-03 02:55 - 2016-12-03 02:56 - 00053743 _____ C:\GLOB(0x22b727c)
2016-12-03 02:55 - 2016-12-03 02:56 - 00004184 _____ C:\GLOB(0x210727c)
2016-12-03 02:55 - 2016-12-03 02:56 - 00003546 _____ C:\GLOB(0x231727c)
2016-12-03 02:55 - 2016-12-03 02:56 - 00003414 _____ C:\GLOB(0x22e727c)
2016-12-03 02:55 - 2016-12-03 02:55 - 20971520 ___SH C:\WINDOWS\system32\config\SOFTWARE.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 16416768 ___SH C:\WINDOWS\system32\config\SOFTWARE.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 07340032 ___SH C:\WINDOWS\system32\config\COMPONENTS.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 02760704 ___SH C:\WINDOWS\system32\config\SYSTEM.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 02621440 ___SH C:\WINDOWS\system32\config\SYSTEM.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 01040384 ___SH C:\WINDOWS\system32\config\DRIVERS.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00903952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00860432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmiEngine.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00524288 ___SH C:\WINDOWS\system32\config\BBI{120e2566-b936-11e6-a947-e41d2d740e30}.TMContainer00000000000000000002.regtrans-ms
2016-12-03 02:55 - 2016-12-03 02:55 - 00524288 ___SH C:\WINDOWS\system32\config\BBI{120e2566-b936-11e6-a947-e41d2d740e30}.TMContainer00000000000000000001.regtrans-ms
2016-12-03 02:55 - 2016-12-03 02:55 - 00319488 ___SH C:\WINDOWS\system32\config\BBI.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00280336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdscore.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\PkgMgr.exe
2016-12-03 02:55 - 2016-12-03 02:55 - 00212992 ___SH C:\WINDOWS\system32\config\BBI.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00149264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-12-03 02:55 - 2016-12-03 02:55 - 00131856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SSShim.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00131072 ___SH C:\WINDOWS\system32\config\DEFAULT.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2016-12-03 02:55 - 2016-12-03 02:55 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-12-03 02:55 - 2016-12-03 02:55 - 00098304 ___SH C:\WINDOWS\system32\config\DEFAULT.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00065536 ___SH C:\WINDOWS\system32\config\SECURITY.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00065536 ___SH C:\WINDOWS\system32\config\SECURITY.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00065536 ___SH C:\WINDOWS\system32\config\SAM.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00065536 ___SH C:\WINDOWS\system32\config\SAM.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00065536 ___SH C:\WINDOWS\system32\config\BBI{120e2566-b936-11e6-a947-e41d2d740e30}.TM.blf
2016-12-03 02:55 - 2016-12-03 02:55 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00008192 ___SH C:\WINDOWS\system32\config\COMPONENTS.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 ___SH C:\WINDOWS\system32\config\ELAM.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 ___SH C:\Users\Default\NTUSER.DAT.LOG2
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 ___SH C:\Users\Default\NTUSER.DAT.LOG1
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 _____ C:\GLOB(0x2c4c6e4)
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 _____ C:\GLOB(0x2c1d23c)
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 _____ C:\GLOB(0x2bed23c)
2016-12-03 02:55 - 2016-12-03 02:55 - 00000000 _____ C:\GLOB(0x2a5921c)
2016-11-21 16:04 - 2016-11-21 16:04 - 00002087 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2016-11-21 16:01 - 2017-01-12 13:58 - 00000000 ____D C:\Users\nepta\Downloads\HP Downloads
2016-11-21 15:58 - 2016-11-21 15:58 - 00000000 ____D C:\Users\nepta\Documents\HpReg_Backup
2016-11-19 12:50 - 2016-11-19 12:50 - 00019083 _____ C:\Users\nepta\Documents\WIN-9VDBKK3EQVE.speccy
2016-11-19 12:48 - 2016-12-21 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-11-19 12:47 - 2016-11-19 12:48 - 06290016 _____ (Piriform Ltd) C:\Users\nepta\Downloads\spsetup130.exe
2016-11-19 12:46 - 2016-11-19 12:48 - 00000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-11-19 12:46 - 2016-11-19 12:46 - 00000000 ____D C:\Program Files\Speccy
2016-11-19 12:43 - 2016-11-19 12:45 - 05201280 _____ (Piriform Ltd) C:\Users\nepta\Downloads\spsetup129.exe
2016-11-19 12:06 - 2016-11-19 12:06 - 00000000 ___HD C:\$SysReset
2016-11-12 15:03 - 2016-11-12 15:03 - 15564308 _____ C:\Users\nepta\Downloads\haidt.APA-2016-lecture-on-polarization.for-posting.compressed.pptx.crdownload
2016-11-05 04:36 - 2016-12-21 19:48 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-11-05 04:27 - 2016-11-05 04:27 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShieldProviderService.exe
2016-11-05 04:27 - 2016-11-05 04:27 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DefenderShield.dll
2016-11-05 04:27 - 2016-11-05 04:27 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.WelcomeScreen.dll
2016-11-05 04:27 - 2016-11-05 04:27 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShieldProviderProxyStub.dll
2016-11-05 04:26 - 2016-11-05 04:26 - 01812219 ____N C:\WINDOWS\system32\ActionCenterWelcomeImage.png
2016-11-05 04:26 - 2016-11-05 04:26 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.WelcomeScreen.dll
2016-11-05 04:26 - 2016-11-05 04:26 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2016-11-05 04:26 - 2016-11-05 04:26 - 00000639 ____N C:\WINDOWS\system32\@ActionCenterToastIcon.png
2016-11-05 04:25 - 2016-11-05 04:25 - 18491904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HydrogenCompositor.dll
2016-11-04 13:16 - 2016-10-31 05:15 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-04 13:16 - 2016-10-31 04:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-03 08:55 - 2016-12-21 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-10-27 13:09 - 2016-12-21 19:39 - 00000000 ____D C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xmarks
2016-10-27 13:09 - 2016-10-27 13:09 - 00000000 ____D C:\Program Files (x86)\Xmarks

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 14:24 - 2015-07-09 13:18 - 00000000 ____D C:\AdwCleaner
2017-01-24 12:29 - 2015-10-19 15:25 - 00093480 _____ C:\Users\nepta\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-24 11:29 - 2015-11-04 15:18 - 00000000 ____D C:\Users\nepta\AppData\Local\Xmarks
2017-01-24 10:44 - 2015-10-22 12:19 - 00002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2017-01-24 10:41 - 2016-08-15 18:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-24 10:37 - 2015-10-20 15:26 - 00000000 ____D C:\Users\nepta\AppData\Roaming\KeePass
2017-01-24 10:24 - 2015-10-19 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-01-24 10:23 - 2016-03-19 10:15 - 00000000 ____D C:\WINDOWS\ShellNew
2017-01-24 08:53 - 2016-08-28 06:04 - 00000000 ____D C:\ProgramData\FitbitConnect
2017-01-23 18:42 - 2015-06-29 08:54 - 00000000 ____D C:\Users\nepta\Desktop\Retrieved
2017-01-23 18:40 - 2015-12-02 19:08 - 00000000 ____D C:\Users\nepta\Desktop\Steph's Work Folder
2017-01-23 18:36 - 2016-06-30 08:33 - 00000000 ____D C:\Users\nepta\Downloads\Drawing Programs
2017-01-23 18:27 - 2015-08-25 19:18 - 00000000 ____D C:\Users\nepta\Desktop\Stacee Work Folder
2017-01-23 18:22 - 2016-06-03 15:45 - 00000000 ____D C:\Users\nepta\Desktop\Finances
2017-01-23 18:22 - 2015-09-06 12:10 - 00000000 ____D C:\Users\nepta\Desktop\Menues
2017-01-23 18:22 - 2011-02-11 10:32 - 00000000 __RHD C:\SYSTEM.SAV
2017-01-23 18:22 - 2011-02-11 10:32 - 00000000 ____D C:\SWSETUP
2017-01-23 18:21 - 2016-04-26 16:58 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-01-23 18:21 - 2013-08-22 14:37 - 00000000 ____D C:\GRAPHPAP
2017-01-23 18:20 - 2016-07-23 10:57 - 00000000 ____D C:\Users\nepta\Documents\City Application
2017-01-23 18:20 - 2015-11-05 13:15 - 00000000 ____D C:\Users\nepta\Documents\pixie
2017-01-23 18:20 - 2014-10-26 14:07 - 00000000 ____D C:\RecoveryImage
2017-01-23 18:18 - 2016-04-10 17:30 - 00000000 ____D C:\Users\nepta\Documents\Finances Stephanie
2017-01-19 13:06 - 2016-01-21 11:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 13:25 - 2015-10-20 12:41 - 00000442 _____ C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Passport (K).lnk
2017-01-10 13:21 - 2015-10-20 11:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 13:19 - 2016-08-14 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-10 13:18 - 2015-10-20 11:13 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-09 13:03 - 2015-10-19 16:09 - 00000167 _____ C:\WINDOWS\win.ini
2017-01-09 09:43 - 2015-10-21 15:41 - 00001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2017-01-09 09:43 - 2015-10-21 15:41 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2017-01-02 16:55 - 2016-06-23 16:45 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware

==================== Files in the root of some directories =======

2016-10-01 17:39 - 2016-10-01 17:39 - 0038411 _____ () C:\Users\nepta\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-10-01 17:34 - 2016-11-29 15:26 - 0009301 _____ () C:\Users\nepta\AppData\Roaming\Microsoft Excel 97-2003.EML
2016-04-09 08:14 - 2016-04-09 08:14 - 0000017 _____ () C:\Users\nepta\AppData\Local\resmon.resmoncfg
2017-01-23 18:21 - 2017-01-23 18:21 - 0003592 _____ () C:\ProgramData\346FD420--07CA--C4B7--4928A8E6--FA91EDB292F1.osiris
2015-11-05 18:28 - 2015-11-05 18:28 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-01-23 18:21 - 2017-01-23 18:21 - 0008182 _____ () C:\ProgramData\OSIRIS-a761.htm

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
flightsigning           Yes
default                 {current}
resumeobject            {04d461d9-c7f6-11e6-8d9d-9dd2077c58d7}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0

Windows Boot Loader
-------------------
identifier              {01381978-4adb-11e5-90ec-a1eca10b6741}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{01381979-4adb-11e5-90ec-a1eca10b6741}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{01381979-4adb-11e5-90ec-a1eca10b6741}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {84377094-c7f6-11e6-8d9d-9dd2077c58d7}
displaymessageoverride  Recovery
recoveryenabled         Yes
flightsigning           Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {04d461d9-c7f6-11e6-8d9d-9dd2077c58d7}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {07f471a3-3b00-11e1-8ee8-d0df9ade1364}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{07f471a4-3b00-11e1-8ee8-d0df9ade1364}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{07f471a4-3b00-11e1-8ee8-d0df9ade1364}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {0a3beb22-9fbe-11e5-bc98-a742e1ee1e86}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{0a3beb23-9fbe-11e5-bc98-a742e1ee1e86}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{0a3beb23-9fbe-11e5-bc98-a742e1ee1e86}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {0bc6c150-5d4e-11e4-b3b5-8fd73e18ab92}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{0bc6c151-5d4e-11e4-b3b5-8fd73e18ab92}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{0bc6c151-5d4e-11e4-b3b5-8fd73e18ab92}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {1817421a-fe03-11e5-a48d-a04756c6d275}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1817421b-fe03-11e5-a48d-a04756c6d275}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1817421b-fe03-11e5-a48d-a04756c6d275}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {1c337f50-5892-11e5-ba10-d3779ebad293}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1c337f51-5892-11e5-ba10-d3779ebad293}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1c337f51-5892-11e5-ba10-d3779ebad293}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {1c75c318-69ca-11e5-9cf9-9ab429923201}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1c75c319-69ca-11e5-9cf9-9ab429923201}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{1c75c319-69ca-11e5-9cf9-9ab429923201}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {27b924d8-f19a-11e4-b309-96fcc1ebdff1}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{27b924d9-f19a-11e4-b309-96fcc1ebdff1}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-GB
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{27b924d9-f19a-11e4-b309-96fcc1ebdff1}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {2af3ba9e-26f9-11e5-92d8-c964757cb674}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{2af3ba9f-26f9-11e5-92d8-c964757cb674}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{2af3ba9f-26f9-11e5-92d8-c964757cb674}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {362d5e24-90eb-11e6-9cba-ce2631d934cd}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{362d5e25-90eb-11e6-9cba-ce2631d934cd}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{362d5e25-90eb-11e6-9cba-ce2631d934cd}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {39802f98-0e1c-11e5-826f-9d41d4129edd}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{39802f99-0e1c-11e5-826f-9d41d4129edd}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{39802f99-0e1c-11e5-826f-9d41d4129edd}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {46bc2ade-4ef4-11e6-b864-8e4e49a5f15c}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{46bc2adf-4ef4-11e6-b864-8e4e49a5f15c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{46bc2adf-4ef4-11e6-b864-8e4e49a5f15c}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {4e494be6-a82c-11e4-9f21-bbcb7c4ae7c6}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{4e494be7-a82c-11e4-9f21-bbcb7c4ae7c6}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{4e494be7-a82c-11e4-9f21-bbcb7c4ae7c6}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {56d2cfbe-ffa5-11e4-9d76-8f895f96bdb5}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{56d2cfbf-ffa5-11e4-9d76-8f895f96bdb5}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-GB
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{56d2cfbf-ffa5-11e4-9d76-8f895f96bdb5}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {5ed48d06-3e9d-11e6-b4ce-890e583dd6aa}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{5ed48d07-3e9d-11e6-b4ce-890e583dd6aa}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{5ed48d07-3e9d-11e6-b4ce-890e583dd6aa}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {67a5f5d2-a4f2-11e4-a74f-990c0320d25c}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{67a5f5d3-a4f2-11e4-a74f-990c0320d25c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{67a5f5d3-a4f2-11e4-a74f-990c0320d25c}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {6f394632-062c-11e5-9e46-c70a78578c1e}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{6f394633-062c-11e5-9e46-c70a78578c1e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-GB
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{6f394633-062c-11e5-9e46-c70a78578c1e}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {74b63f52-352e-11e6-9274-dba575b7dfbb}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{74b63f53-352e-11e6-9274-dba575b7dfbb}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{74b63f53-352e-11e6-9274-dba575b7dfbb}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {84377094-c7f6-11e6-8d9d-9dd2077c58d7}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{84377095-c7f6-11e6-8d9d-9dd2077c58d7}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{84377095-c7f6-11e6-8d9d-9dd2077c58d7}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {89f532e4-5ef3-11e4-a253-a762ade906b2}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{89f532e5-5ef3-11e4-a253-a762ade906b2}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{89f532e5-5ef3-11e4-a253-a762ade906b2}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {90d1b72e-2104-11e5-9fe8-96955d914c1a}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{90d1b72f-2104-11e5-9fe8-96955d914c1a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{90d1b72f-2104-11e5-9fe8-96955d914c1a}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {90ec7a02-ad1f-11e6-a6b2-cd1b6bd63995}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{90ec7a03-ad1f-11e6-a6b2-cd1b6bd63995}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{90ec7a03-ad1f-11e6-a6b2-cd1b6bd63995}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {aba9da96-2c6f-11e5-9b7e-99b7c27ee180}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{aba9da97-2c6f-11e5-9b7e-99b7c27ee180}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{aba9da97-2c6f-11e5-9b7e-99b7c27ee180}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {bd8e81a8-5115-11e6-b299-cac8d5d6ee70}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{bd8e81a9-5115-11e6-b299-cac8d5d6ee70}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{bd8e81a9-5115-11e6-b299-cac8d5d6ee70}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {bdae523f-d33f-11e4-b541-bf24e1a268f6}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{bdae5240-d33f-11e4-b541-bf24e1a268f6}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{bdae5240-d33f-11e4-b541-bf24e1a268f6}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {c0563398-74d7-11e4-ab1c-9cb198ec84d4}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{c0563399-74d7-11e4-ab1c-9cb198ec84d4}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{c0563399-74d7-11e4-ab1c-9cb198ec84d4}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {ca4e4463-2050-11e6-848b-b0cf0c155543}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{ca4e4464-2050-11e6-848b-b0cf0c155543}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{ca4e4464-2050-11e6-848b-b0cf0c155543}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {eed8252a-1c62-11e5-9523-b09403b1f74a}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{eed8252b-1c62-11e5-9523-b09403b1f74a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{eed8252b-1c62-11e5-9523-b09403b1f74a}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {fa4c8e4c-778e-11e5-bd80-df3b4abbd218}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{fa4c8e4d-778e-11e5-bd80-df3b4abbd218}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{fa4c8e4d-778e-11e5-bd80-df3b4abbd218}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {04313033-352e-11e6-9274-dba575b7dfbb}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {74b63f52-352e-11e6-9274-dba575b7dfbb}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {04d461d9-c7f6-11e6-8d9d-9dd2077c58d7}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale          &

23
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:58:10 PM »
18th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdarmty.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdarmph.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDA3.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDA1.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbd103.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbd101c.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbd101b.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbd101a.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00007440 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxlibres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole32.tlb
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDURDU.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDUR.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDUK.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDSN1.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdnko.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDLT.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDKYR.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDIT.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDIR.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDIC.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDHEB.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDHAU.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDGEO.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDFA.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDDV.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDARMW.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDARME.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDA2.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Firewall.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00006948 _____ C:\WINDOWS\system32\kanji_1.uce
2016-12-03 08:34 - 2016-12-03 08:34 - 00006886 _____ C:\WINDOWS\system32\SecurityAndMaintenance_Error.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-hal-events.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-storage-tiering-events.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-sleepstudy-events.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00005796 _____ C:\WINDOWS\system32\SecurityAndMaintenance.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\normaliz.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\security.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msidntld.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdatsrc.tlb
2016-12-03 08:34 - 2016-12-03 08:34 - 00004687 _____ C:\WINDOWS\system32\wpcmon.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00004675 _____ C:\WINDOWS\system32\wsmanconfig_schema.xml
2016-12-03 08:34 - 2016-12-03 08:34 - 00004608 _____ (Microsoft) C:\WINDOWS\system32\WEB.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2help.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00004148 _____ C:\WINDOWS\system32\psmodulediscoveryprovider.mof
2016-12-03 08:34 - 2016-12-03 08:34 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsyncres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-processor-aggregator-events.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00004014 _____ C:\WINDOWS\system32\xwizard.dtd
2016-12-03 08:34 - 2016-12-03 08:34 - 00003666 _____ C:\WINDOWS\system32\sysprtj.sep
2016-12-03 08:34 - 2016-12-03 08:34 - 00003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_8.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanutil.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00003458 _____ C:\WINDOWS\system32\ieuinit.inf
2016-12-03 08:34 - 2016-12-03 08:34 - 00003317 _____ C:\WINDOWS\system32\sysprint.sep
2016-12-03 08:34 - 2016-12-03 08:34 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sfc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msafd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lz32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\icmp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootstr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002778 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-12-03 08:34 - 2016-12-03 08:34 - 00002626 _____ C:\WINDOWS\system32\SecurityAndMaintenance_Alert.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUserRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rnr20.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netmsg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\neth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msprivs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-WindowsPhone-SEManagementProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lltdres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iologmsg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmdskres2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAppsRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bridgeres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\asferror.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32res.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00002426 _____ C:\WINDOWS\system32\WsmTxt.xsl
2016-12-03 08:34 - 2016-12-03 08:34 - 00002307 _____ C:\WINDOWS\system32\WimBootCompress.ini
2016-12-03 08:34 - 2016-12-03 08:34 - 00002219 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2016-12-03 08:34 - 2016-12-03 08:34 - 00002199 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2016-12-03 08:34 - 2016-12-03 08:34 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winrsmgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00001820 _____ C:\WINDOWS\system32\rasctrnm.h
2016-12-03 08:34 - 2016-12-03 08:34 - 00001688 _____ C:\WINDOWS\system32\TransformPPSToWlanCredentials.xslt
2016-12-03 08:34 - 2016-12-03 08:34 - 00001673 _____ C:\WINDOWS\system32\tcpbidi.xml
2016-12-03 08:34 - 2016-12-03 08:34 - 00001559 _____ C:\WINDOWS\system32\WsmPty.xsl
2016-12-03 08:34 - 2016-12-03 08:34 - 00000843 _____ C:\WINDOWS\system32\onlinesetup.cmd
2016-12-03 08:34 - 2016-12-03 08:34 - 00000760 _____ C:\WINDOWS\system32\@edptoastimage.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00000726 _____ C:\WINDOWS\system32\wpr.config.xml
2016-12-03 08:34 - 2016-12-03 08:34 - 00000714 _____ C:\WINDOWS\system32\RestartManager.mof
2016-12-03 08:34 - 2016-12-03 08:34 - 00000714 _____ C:\WINDOWS\system32\@WindowsHelloFaceToastIcon.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00000670 ___RH C:\WINDOWS\WindowsShell.Manifest
2016-12-03 08:34 - 2016-12-03 08:34 - 00000646 _____ C:\WINDOWS\system32\Drivers\gmreadme.txt
2016-12-03 08:34 - 2016-12-03 08:34 - 00000614 _____ C:\WINDOWS\system32\WdsUnattendTemplate.xml
2016-12-03 08:34 - 2016-12-03 08:34 - 00000600 _____ C:\WINDOWS\system32\@language_notification_icon.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00000565 _____ C:\WINDOWS\system32\NdfEventView.xml
2016-12-03 08:34 - 2016-12-03 08:34 - 00000520 _____ C:\WINDOWS\system32\@optionalfeatures.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00000450 _____ C:\WINDOWS\system32\@BackgroundAccessToastIcon.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00000404 _____ C:\WINDOWS\system32\@VpnToastIcon.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00000352 _____ C:\WINDOWS\system32\@WwanSimLockIcon.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00000330 _____ C:\WINDOWS\system32\@EnrollmentToastIcon.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00000308 _____ C:\WINDOWS\system32\@AudioToastIcon.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00000263 _____ C:\WINDOWS\system32\odbcconf.rsp
2016-12-03 08:34 - 2016-12-03 08:34 - 00000176 _____ C:\WINDOWS\system32\RestartManagerUninstall.mof
2016-12-03 08:34 - 2016-12-03 08:34 - 00000167 _____ C:\WINDOWS\system32\removehypervisor.mof
2016-12-03 08:34 - 2016-12-03 08:34 - 00000155 _____ C:\WINDOWS\system32\@WwanNotificationIcon.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00000150 _____ C:\WINDOWS\system32\pcl.sep
2016-12-03 08:34 - 2016-12-03 08:34 - 00000051 _____ C:\WINDOWS\system32\pscript.sep
2016-12-03 08:34 - 2016-12-03 08:34 - 00000033 _____ C:\WINDOWS\system32\winrm.cmd
2016-12-03 08:33 - 2016-12-03 10:01 - 00035088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\terminpt.sys
2016-12-03 08:33 - 2016-12-03 10:01 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2016-12-03 08:33 - 2016-12-03 10:00 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 03414800 _____ (QLogic Corporation) C:\WINDOWS\system32\Drivers\evbda.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 02099984 _____ (Chelsio Communications) C:\WINDOWS\system32\Drivers\cht4vx64.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 01806672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 01131280 _____ (PMC-Sierra) C:\WINDOWS\system32\Drivers\adp80xx.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00838416 _____ (Mellanox) C:\WINDOWS\system32\Drivers\mlx4_bus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00711440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00708880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00683520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00668944 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorAV.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00604160 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00571664 _____ (LSI Corporation, Inc.) C:\WINDOWS\system32\Drivers\megasr.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00558864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00537360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-12-03 08:33 - 2016-12-03 08:33 - 00529680 _____ (QLogic Corporation) C:\WINDOWS\system32\Drivers\bxvbda.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00522000 _____ (Mellanox) C:\WINDOWS\system32\Drivers\ibbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00502544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00455440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00407824 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorV.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00380688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-12-03 08:33 - 2016-12-03 08:33 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00342800 _____ (Chelsio Communications) C:\WINDOWS\system32\Drivers\cht4sx64.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00340240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00301328 _____ (VIA Corporation) C:\WINDOWS\system32\Drivers\VSTXRAID.SYS
2016-12-03 08:33 - 2016-12-03 08:33 - 00279824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00273680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00266000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mausbhost.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDScDrv.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-12-03 08:33 - 2016-12-03 08:33 - 00255248 _____ (AMD Technologies Inc.) C:\WINDOWS\system32\Drivers\amdsbs.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\1394ohci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtp.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00208656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00187664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00185104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidclass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00176384 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSS2i_I2C.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00165136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00162576 _____ (VIA Technologies Inc.,Ltd) C:\WINDOWS\system32\Drivers\vsmraid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00162064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstor.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtpUS.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00146192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvraid.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00133392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00130320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00127760 _____ (PMC-Sierra, Inc.) C:\WINDOWS\system32\Drivers\arcsas.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00126224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-12-03 08:33 - 2016-12-03 08:33 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00119568 _____ (LSI Corporation) C:\WINDOWS\system32\Drivers\lsi_sas2i.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00113936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcmcia.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00113936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00113152 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSSi_I2C.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00105744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sbp2port.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00104720 _____ (Mellanox) C:\WINDOWS\system32\Drivers\ndfltr.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00104720 _____ (LSI Corporation) C:\WINDOWS\system32\Drivers\lsi_sas.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00103184 _____ (LSI) C:\WINDOWS\system32\Drivers\3ware.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-12-03 08:33 - 2016-12-03 08:33 - 00101136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00099088 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\lsi_sas3i.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00098576 _____ (Chelsio Communications) C:\WINDOWS\system32\Drivers\cht4dx64.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pmem.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00097552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00093456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UfxChipidea.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00091920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00091408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00087312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00085776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-12-03 08:33 - 2016-12-03 08:33 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00083216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00081408 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\iai2c.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00079120 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdsata.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00078608 _____ (LSI Corporation) C:\WINDOWS\system32\Drivers\lsi_sss.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00077584 _____ (Silicon Integrated Systems) C:\WINDOWS\system32\Drivers\sisraid4.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00075536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00074000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uaspstor.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00069904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00064512 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSS2i_GPIO2.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00060688 _____ (Mellanox) C:\WINDOWS\system32\Drivers\winverbs.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00060176 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\HpSAMD.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00060176 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00059664 _____ (Marvell Semiconductor, Inc.) C:\WINDOWS\system32\Drivers\mvumis.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00058640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00057616 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\percsas3i.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-12-03 08:33 - 2016-12-03 08:33 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\umbus.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00056080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00055568 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\megasas.sys
2016-12-03 08:33 - 2016-12-03 08:33 - 00054544 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\percsas2i.sys

24
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:57:07 PM »
17th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 00025872 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10df.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\comp.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\chkdsk.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AJRouter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00025360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDACLSys.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsrole.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sort.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\serwvdrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileAppxStreamingDataSource.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmlprovi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshcon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedcli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ROUTE.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Register-CimProvider.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ktmw32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\easconsent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbnmpntw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cofire.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\capisp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAMRNBSink.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\PaymentMediatorServiceProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fltLib.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvcctl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00024006 _____ C:\WINDOWS\system32\gb2312.uce
2016-12-03 08:34 - 2016-12-03 08:34 - 00023824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.RemoteDesktop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WallpaperHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mcd.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00023312 _____ (Microsoft Corporation) C:\WINDOWS\system32\streamci.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.SystemManagedAccount.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\uniplat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\acu.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022984 _____ C:\WINDOWS\system32\bopomofo.uce
2016-12-03 08:34 - 2016-12-03 08:34 - 00022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tbs.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022744 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcwum.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnsi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\replace.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasctrs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogHost3D.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PING.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\nbtstat.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCCSPal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00022232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msg711.acm
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft) C:\WINDOWS\system32\grb.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\shpafact.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdial.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiltcfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fixmapi.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\convert.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\bridgeunattend.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00021776 _____ (Microsoft Corporation) C:\WINDOWS\system32\BOOTVID.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00021656 _____ C:\WINDOWS\system32\NetTrace.PLA.Diagnostics.xml
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Background.ps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteWipeCSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\smclib.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmstplua.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\chkntfs.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\attrib.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00021160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft) C:\WINDOWS\system32\pegi-pt.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft) C:\WINDOWS\system32\pegi.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icmui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshqos.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.StartLayoutPopulationEvents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\userinitext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanui2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EsdSip.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dscproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisVirtualBus.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_1137.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmsgapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\runas.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\irclass.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\bnmanager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHostProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00020208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscorier.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMmRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnlsres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\umdmxfrm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TieringEngineProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Startupscan.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\serialui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\PATHPING.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscorier.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpnotify.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontgroupsoverride.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMmRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmdkey.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00019632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksuser.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsock32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\syssetup.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\localui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseetw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\doskey.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityRtapiPal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\netbios.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mountvol.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernelceip.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmpushproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\hh.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\TRACERT.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\RmClient.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrle32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ktmutil.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\clb.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00018192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00018160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017976 _____ (Microsoft Corporation) C:\WINDOWS\system32\IumSdk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017935 _____ C:\WINDOWS\system32\EventViewer_EventDetails.xsl
2016-12-03 08:34 - 2016-12-03 08:34 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wowreg32.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\find.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CortanaMapiHelper.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017806 ____R C:\WINDOWS\system32\CaptureToast.hcp
2016-12-03 08:34 - 2016-12-03 08:34 - 00017680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlS0WndH.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017680 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdstub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\whhelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsbyuv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\secinit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommonPal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\print.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRINFO.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\label.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDCHERP.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsavailux.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcmsetup.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\subst.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\regidle.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pstask.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulation.ProxyStubs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MUILanguageCleanup.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LangCleanupSysprepAction.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetmon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhuxapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\clrhost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016740 _____ C:\WINDOWS\system32\ShiftJIS.uce
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\pstorec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcwrun.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcico.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\finger.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00016144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmilib.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00015976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SlideToShutDown.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft) C:\WINDOWS\system32\djctq.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshirda.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwinsat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpts.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msidcrl40.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDJPN.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutilx.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmiso8601utils.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\backgroundTaskHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00015504 _____ (Microsoft Corporation) C:\WINDOWS\system32\psapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft) C:\WINDOWS\system32\pcbp.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpPortingLibrary.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeSyncTask.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TapiUnattend.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\sas.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoveDeviceElevated.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\panmap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDKOR.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dmpusbstor.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcommandlineutils.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcmonitor.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfmifsproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\browseui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\amsiproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00015120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntosext.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00015106 _____ C:\WINDOWS\system32\@WiFiNotificationIcon.png
2016-12-03 08:34 - 2016-12-03 08:34 - 00014952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmcodecdspps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winrssrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbperf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncHostps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensApi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\HOSTNAME.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBthProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\FamilySafetyExt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsui.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DockInterface.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopView.Internal.Broker.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\coreaudiopolicymanagerext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2016-12-03 08:34 - 2016-12-03 08:34 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014608 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupetw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\verclsid.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\svsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecondaryTileExperienceCallback.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\recover.exe

25
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:55:57 PM »
16th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsiCofire.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafDnsSd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00044032 _____ (Microsoft) C:\WINDOWS\system32\csrr.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\traffic.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciqtz32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cttunesvr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00043880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RuntimeBroker.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00043566 _____ C:\WINDOWS\system32\normnfd.nls
2016-12-03 08:34 - 2016-12-03 08:34 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\UI0Detect.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmmon32.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00043131 _____ C:\WINDOWS\mib.bin
2016-12-03 08:34 - 2016-12-03 08:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsbCApi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sfc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcreate.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsutil.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\docprop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaExt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\unlodctr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00042344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netutils.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfos.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\navshutdown.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00041587 _____ C:\WINDOWS\system32\azman.msc
2016-12-03 08:34 - 2016-12-03 08:34 - 00041472 _____ (Microsoft) C:\WINDOWS\system32\cob-au.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\where.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprnext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00041232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdusb.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecEdit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfdisk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Netplwiz.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mimefilt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidphone.tsp
2016-12-03 08:34 - 2016-12-03 08:34 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthudtask.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00040768 _____ (Microsoft Corporation) C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00040768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00040720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\whealogr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\waitfor.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackagedCWALauncher.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\gmsaclient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsauth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00040208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00039936 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiawow64.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocationFlyout.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NETSTAT.EXE
2016-12-03 08:34 - 2016-12-03 08:34 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksetup.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcfghost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\cnvfat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACCTRES.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppinst.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapPeerProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvidc32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastInputMgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-pnp-events.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dtsh.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00039272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msgsm32.acm
2016-12-03 08:34 - 2016-12-03 08:34 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rrinstaller.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInput1_4.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmib.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxstrace.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrnsave.scr
2016-12-03 08:34 - 2016-12-03 08:34 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcsubs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxpps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddodiag.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmcfg32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00038760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasphone.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\format.com
2016-12-03 08:34 - 2016-12-03 08:34 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\esevss.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialer.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\credwiz.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00038160 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_15b3.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00037888 ____R (Microsoft Corporation) C:\WINDOWS\system32\MixedRealityCapture.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapAuthProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\tvratings.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwlauncher.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToStatusProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\hid.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\witnesswmiv2provider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\klist.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\icacls.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBCAMD2.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cliconfg.rll
2016-12-03 08:34 - 2016-12-03 08:34 - 00037136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfmifs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32topl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vidcap.ax
2016-12-03 08:34 - 2016-12-03 08:34 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncInfrastructureps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetProxyCredential.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FdDevQuery.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpol.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdhcinst.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\pots.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\FDResPub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IndirectKmd.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filetrace.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDisplayStatusManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\datusage.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\canonurl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Apphlpdm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00036112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdi.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Workplace.WorkplaceSettings.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\RacEngn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\pifmgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthMtpContextHandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035576 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserAccountBroker.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ThumbnailExtractionHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapilua.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfg.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipconfig.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\findstr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\extrac32.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\choice.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00035088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cnghwassist.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofUtil.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.WebPlatform.SecurityBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\proquota.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00034576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_1969.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcnsh.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwsso.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RNDISMP.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmOmaCpMo.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzSqlExt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00034064 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveTask.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimgvw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ndproxystub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\luiapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnscacheugc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmNotificationBroker.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cofiredm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winrnr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutilext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmprocessxmlfiltered.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\cacls.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthTelemetry.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033040 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkPS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00033040 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_0C_8086.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\syskey.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifmon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbrpm.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthpanapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\imaadp32.acm
2016-12-03 08:34 - 2016-12-03 08:34 - 00032416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2016-12-03 08:34 - 2016-12-03 08:34 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00032016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031992 _____ (Microsoft Corporation) C:\WINDOWS\system32\reguwpapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdmo.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft) C:\WINDOWS\system32\usk.rs
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Background.TimeBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ureg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\timeout.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxdm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fltMC.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\elsTrans.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDOIProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscdll.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDFHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpata.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msadp32.acm
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\shunimpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupdate.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tape.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dot3Conn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\clip.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\cliconfg.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\at.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAMRNBSink.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciwave.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll

26
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:54:55 PM »
15th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\setx.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingService.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00055568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAProfileNotificationHandler.dll

27
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:53:51 PM »
14th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemPropertiesComputerName.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemPropertiesAdvanced.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\playlistfolder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventvwr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00084240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorClass.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wecapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSchedExe.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00083624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\colbact.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cabapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\UiaManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Syncreg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ELSCore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbussdapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\efslsaext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mslldp.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipcontainer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcEpMap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmci.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\eqossnap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\avicap32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00081680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00081560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscories.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSDvbNP.ax
2016-12-03 08:34 - 2016-12-03 08:34 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rspndr.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00081168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\scripto.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00080104 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\samcli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasdatastore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasads.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DpiScaling.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00079516 _____ C:\WINDOWS\system32\AverageRoom.bin
2016-12-03 08:34 - 2016-12-03 08:34 - 00078984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\provplatformdesktop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MuiUnattend.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPELoggingDictationHelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\feclient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078544 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.Fontgroups.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartScreenSettings.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\nduprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MaintenanceUI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationNotificationWindows.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsidsc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhuxgraphics.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintIsolationHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\execmodelproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rassstp.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpnUserService.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogonext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdmat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapimig.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DocumentPerformanceEvents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanHC.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsbSettingsHandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\EventAggregation.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhevents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3hc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_AuthenticAMD.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00076048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00075920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Groupinghc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\slwga.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\sigverif.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\reg.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stream.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\djoin.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConfigureExpandedStorage.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\btpanui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00075024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SpbCx.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhonePlatformAbstraction.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcad32.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msauserext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsrchph.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00074512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00074512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeservice.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TempSignedLicenseExchangeTask.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00073880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscories.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmDeploy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Lockdown.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WABSyncProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Sens.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RunLegacyCPLElevated.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafGip.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmlfilter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\threadpoolwinrt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LegacyNetUX.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00072976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CEA.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmonui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAlacEncoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundMediaPolicy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00072704 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\SysWOW64\l3codeca.acm
2016-12-03 08:34 - 2016-12-03 08:34 - 00072286 _____ C:\WINDOWS\system32\normidna.nls
2016-12-03 08:34 - 2016-12-03 08:34 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\whoami.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoveDeviceContextHandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3cfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00071824 _____ C:\WINDOWS\system32\normnfkc.nls

28
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:52:41 PM »
13th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\xwreg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvscmgr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\loadperf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPolEng.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00123152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpiex.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyMATEnc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\rekeywiz.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ndfhcdiscovery.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfdvdec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsicpl.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00122128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontview.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00121616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00121360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlgpclnt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameBarPresenceWriter.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\txflog.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\isoburn.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irda.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbnetlib.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00119808 _____ (Microsoft) C:\WINDOWS\system32\VaultRoaming.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\trkwks.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\comrepl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00119568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00119017 ____R C:\WINDOWS\system32\CaptureBrackets.hcp
2016-12-03 08:34 - 2016-12-03 08:34 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\control.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00118216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00117744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uexfat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingCSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\avifil32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00117160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00117008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\logman.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\profprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprmsg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppMon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00115472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFFuzzyDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00115091 _____ C:\WINDOWS\system32\WF.msc
2016-12-03 08:34 - 2016-12-03 08:34 - 00114960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SSShim.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\EhStorPwdMgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcfgutils.dll

29
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:51:38 PM »
12th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 00180258 _____ C:\WINDOWS\system32\C_20000.NLS
2016-12-03 08:34 - 2016-12-03 08:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\net1.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\slr100.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfmon.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ocsetapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdiagprv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00177698 _____ C:\WINDOWS\system32\C_20949.NLS
2016-12-03 08:34 - 2016-12-03 08:34 - 00177698 _____ C:\WINDOWS\system32\C_10003.NLS
2016-12-03 08:34 - 2016-12-03 08:34 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppExtension.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2016-12-03 08:34 - 2016-12-03 08:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\trie.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdminst.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmidcom.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafupnp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00174352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Tabbtn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00173602 _____ C:\WINDOWS\system32\C_20936.NLS
2016-12-03 08:34 - 2016-12-03 08:34 - 00173602 _____ C:\WINDOWS\system32\C_20002.NLS
2016-12-03 08:34 - 2016-12-03 08:34 - 00173602 _____ C:\WINDOWS\system32\C_10008.NLS
2016-12-03 08:34 - 2016-12-03 08:34 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\fde.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\fundisc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00172816 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxlib.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CourtesyEngine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovslegacy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmvdspa.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\glu32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\desk.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00169744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scsiport.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbctrac.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\uudf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\keymgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\cabview.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00168456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mydocs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosettings.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceSyncProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdadiag.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00167640 _____ C:\WINDOWS\system32\chs_singlechar_pinyin.dat
2016-12-03 08:34 - 2016-12-03 08:34 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsExtensibilityHandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Compression.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00166160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00165136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00165136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Internal.Printing.Workflow.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSOpusDecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmwmicsp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhshl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00163704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\netjoin.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-12-03 08:34 - 2016-12-03 08:34 - 00162850 _____ C:\WINDOWS\system32\C_10001.NLS
2016-12-03 08:34 - 2016-12-03 08:34 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00162680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvscmgrsvr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskpart.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFIPP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmttpmvscmgrsvr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\VocabRoamingHandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mimofcodec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winjson.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00157968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Help.Runtime.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Docking.VirtualInput.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\playtomenu.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsicli.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Mystify.scr
2016-12-03 08:34 - 2016-12-03 08:34 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ufat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\socialapis.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oledlg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapsimextdesktop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Ribbons.scr
2016-12-03 08:34 - 2016-12-03 08:34 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00154896 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00154440 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWSD.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dsui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00153392 _____ (Microsoft Corporation) C:\WINDOWS\system32\devobj.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssadmin.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00152576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00152576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00152576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfdvdec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPPolicy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00151824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssenh.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\xwtpw32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00149776 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmview.ocx
2016-12-03 08:34 - 2016-12-03 08:34 - 00149264 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00149044 _____ C:\WINDOWS\system32\LargeRoom.bin
2016-12-03 08:34 - 2016-12-03 08:34 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00148752 _____ C:\WINDOWS\system32\InputHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastingShellExt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\advpack.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00147728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqlcecompact40.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpcsp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassvcs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00146704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00146664 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwmi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StaticDictDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvfw32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00145622 _____ C:\WINDOWS\system32\devmgmt.msc
2016-12-03 08:34 - 2016-12-03 08:34 - 00145519 _____ C:\WINDOWS\system32\perfmon.msc
2016-12-03 08:34 - 2016-12-03 08:34 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-12-03 08:34 - 2016-12-03 08:34 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IDStore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00145168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00145128 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00145127 _____ C:\WINDOWS\system32\eventvwr.msc
2016-12-03 08:34 - 2016-12-03 08:34 - 00145059 _____ C:\WINDOWS\system32\taskschd.msc

30
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:50:46 PM »
11th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 00387344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00386872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00386560 _____ C:\WINDOWS\system32\ssdm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptuiwizard.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00383248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\hdwwiz.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtckrm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxDecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxinputrouter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00376592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Workplace.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00375808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpndecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WmpDui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\srchadmin.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\eudcedit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00372496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00368768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00368760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00368184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00366864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00366648 _____ (Microsoft Corporation) C:\WINDOWS\system32\verifier.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmontr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00363280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgrx.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00363032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00361528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00360208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsnt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00355088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00352528 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\provthrd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00352208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00347136 _____ C:\WINDOWS\system32\HrtfApo.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfgui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00347016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00346896 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00346064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00345000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.Private.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskraid.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00337680 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00336224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00334688 _____ (Microsoft Corporation) C:\WINDOWS\system32\HdcpHandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwlauncher.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mintdh.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cttune.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\regedit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00325424 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscoree.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtfDecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00320784 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\netdiagfx.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ndfapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3ui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00318224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00316688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00316640 _____ C:\WINDOWS\WMSysPr9.prx
2016-12-03 08:34 - 2016-12-03 08:34 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00315016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00313448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00311568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00310472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFServer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00308496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWGP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00304160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00303720 _____ (Microsoft Corporation) C:\WINDOWS\system32\powrprof.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\scansetting.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\PowerWmiProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EaseOfAccessDialog.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dxpserver.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlancfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\TieringEngineService.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsnap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2016-12-03 08:34 - 2016-12-03 08:34 - 00300024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdprint.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpnranker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmdskmgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\lltdsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Maps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacEncoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataExchange.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CortanaMapiHelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-12-03 08:34 - 2016-12-03 08:34 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountCloudAP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSHExtensions.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00285968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WmpDui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschapext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\qwave.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\drt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\offfilt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\sethc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mycomput.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PerceptionSimulationExtensions.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTF.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialStore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSNP.ax
2016-12-03 08:34 - 2016-12-03 08:34 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00270112 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgmgr32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2016-12-03 08:34 - 2016-12-03 08:34 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00269072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DataModel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00268568 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xwtpdui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00267536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00267480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityUxHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB7.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\apds.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationHost.exe
