Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Ozzie

Pages: 1 2 [3] 4
31
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:49:17 PM »
10th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsquery.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\difxapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00446728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-12-03 08:34 - 2016-12-03 08:34 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\certCredProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00441632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncInfrastructure.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00438976 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00438464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Winlangdb.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00434448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\termmgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00431376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00428544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshipsec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\irprops.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00424520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2016-12-03 08:34 - 2016-12-03 08:34 - 00423424 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00422960 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00421464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00418816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00413200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskApis.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxclu.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00410384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-12-03 08:34 - 2016-12-03 08:34 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\shrpubw.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00407824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneOm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00402944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSATAPI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00401168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00400656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00399632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00397144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\secproc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\secproc_isv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00387344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00386872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00386560 _____ C:\WINDOWS\system32\ssdm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptuiwizard.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00383248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\hdwwiz.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtckrm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxDecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxinputrouter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00376592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Workplace.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00375808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpndecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WmpDui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\srchadmin.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\eudcedit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00372496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00368768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00368760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00368184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00366864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00366648 _____ (Microsoft Corporation) C:\WINDOWS\system32\verifier.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmontr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00363280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgrx.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00363032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00361528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00360208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsnt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00355088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00352528 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\provthrd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00352208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00347136 _____ C:\WINDOWS\system32\HrtfApo.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfgui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00347016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00346896 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00346064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00345000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.Private.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskraid.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00337680 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00336224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00334688 _____ (Microsoft Corporation) C:\WINDOWS\system32\HdcpHandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwlauncher.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mintdh.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cttune.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\regedit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00325424 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscoree.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtfDecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00320784 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\netdiagfx.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ndfapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3ui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00318224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00316688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00316640 _____ C:\WINDOWS\WMSysPr9.prx
2016-12-03 08:34 - 2016-12-03 08:34 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00315016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00313448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00311568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00310472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFServer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00308496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWGP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00304160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00303720 _____ (Microsoft Corporation) C:\WINDOWS\system32\powrprof.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\scansetting.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\PowerWmiProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EaseOfAccessDialog.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dxpserver.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlancfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\TieringEngineService.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsnap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2016-12-03 08:34 - 2016-12-03 08:34 - 00300024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdprint.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpnranker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmdskmgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\lltdsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Maps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacEncoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataExchange.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CortanaMapiHelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-12-03 08:34 - 2016-12-03 08:34 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountCloudAP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSHExtensions.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00285968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WmpDui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschapext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\qwave.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\drt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\offfilt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\sethc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mycomput.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PerceptionSimulationExtensions.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTF.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialStore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSNP.ax
2016-12-03 08:34 - 2016-12-03 08:34 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00270112 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgmgr32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2016-12-03 08:34 - 2016-12-03 08:34 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00269072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DataModel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00268568 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xwtpdui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00267536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00267480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityUxHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB7.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\apds.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuceffects.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wavemsp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00262328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00262328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00262328 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsldp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsldpc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00258320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvisioningHandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2016-12-03 08:34 - 2016-12-03 08:34 - 00257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringStation.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00252528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstask.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00251664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00250952 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00249968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mlang.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgprint.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00248080 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApproveChildRequest.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\onex.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00245288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\els.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\miutils.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00240400 _____ (Microsoft Corporation) C:\WINDOWS\system32\unattend.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dskquoui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpeval.dll

32
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:48:15 PM »
9th continuation of FRST

2016-12-03 08:34 - 2016-12-03 08:34 - 01086976 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\onexui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01076328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfperfhelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01070592 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01065472 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01064960 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmdskres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01061376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagCpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01059328 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01056728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01044992 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01037824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01037312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01032464 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkObjCore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01026560 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01022736 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01017344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh265enc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01014384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01008720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01008128 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01007888 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi3.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00999936 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00997312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00987512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00985976 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00983552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00983552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00979456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00978944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00976528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00973544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00968192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00966656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00964800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00962560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallControlPanel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00959488 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00956928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00949008 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00937928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00930304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqlceqp40.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00922896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\azroles.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00911560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00909584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00907264 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00906240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00902240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhuxpresentation.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00900192 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00887280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmIndexer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\provcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00872960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00872960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh265enc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00870792 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsecsnp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00860160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00855320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00854016 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00849168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00849168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00844288 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\devmgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00840464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00835072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00828448 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00825344 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Bubbles.scr
2016-12-03 08:34 - 2016-12-03 08:34 - 00810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00805264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00802304 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00797592 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-12-03 08:34 - 2016-12-03 08:34 - 00797592 _____ C:\WINDOWS\system32\locale.nls
2016-12-03 08:34 - 2016-12-03 08:34 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanpref.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00791256 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartCardSimulator.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00789504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetup.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00786944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00779888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabletPC.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Vault.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00768288 _____ (SQLite Development Team) C:\WINDOWS\system32\winsqlite3.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00766432 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00757144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00751616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqlsrv32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00751000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00738056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00735456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedwipes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00731840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00729360 _____ (Microsoft Corporation) C:\WINDOWS\system32\IasMigPlugin.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00729088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00727160 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00724632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00717904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbc32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkCollectionAgent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.HologramFramework.BinaryData.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\elslad.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00702736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00698808 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagesp1.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00690448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00688640 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsuiext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00685800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00682256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00682256 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00681472 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00681232 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00680720 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00679936 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00677608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00677088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2016-12-03 08:34 - 2016-12-03 08:34 - 00676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxApplicabilityEngine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00675600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00675088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00673088 _____ C:\WINDOWS\system32\mlang.dat
2016-12-03 08:34 - 2016-12-03 08:34 - 00672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00671944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp60.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00666784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00665728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00664704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00662016 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneDataSync.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00660992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dccw.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00656984 _____ (Microsoft Corporation) C:\WINDOWS\system32\clbcatq.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00656656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00655376 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\system32\main.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00646080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00643672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dccw.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00637440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00637440 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00636800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00633344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\OobeFldr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WLanConn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00625664 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\colorui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00623336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110_win.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00612112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\psisdecd.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00607368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00605832 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\filemgmt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate_isv.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\psr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsdyn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00601600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\colorui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00596984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00593408 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\system32\wvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00589600 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00588280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_9.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00584464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsmsnap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdohlp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfrgui.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00576360 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00566592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00562352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00553760 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00550160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-12-03 08:34 - 2016-12-03 08:34 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxAPDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFSv1.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrGidsHandler.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00542480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00539920 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\localsec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00537360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\glmf32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00536096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00535552 ____R (Microsoft Corporation) C:\WINDOWS\system32\MixedRealityCapture.Pipeline.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqlcese40.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00527120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00526776 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00525584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00522680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00522512 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmdial32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00521488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdelta.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbemcomn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\authfwcfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxHAPDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00507904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00507904 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00504616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpunits.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate_ssp_isv.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00498984 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate_ssp.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmdlgs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00495888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00491008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnfldr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00486672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 00486400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2016-12-03 08:34 - 2016-12-03 08:34 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00481792 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00478992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 00478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\azroleui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassdo.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtCangjieDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiashext.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtBopomofoDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsStrokeDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00461072 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\shwebsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xwizards.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtHkStrokeDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadefui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtQuickDS.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00453968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 00453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe

33
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:47:46 PM »
8th continuation of FRST

2016-12-03 08:35 - 2016-12-03 08:35 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaccrc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaccrc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00004453 _____ C:\WINDOWS\SysWOW64\odbcconf.rsp
2016-12-03 08:35 - 2016-12-03 08:35 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2help.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00004014 _____ C:\WINDOWS\SysWOW64\xwizard.dtd
2016-12-03 08:35 - 2016-12-03 08:35 - 00003666 _____ C:\WINDOWS\SysWOW64\sysprtj.sep
2016-12-03 08:35 - 2016-12-03 08:35 - 00003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCertResources.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00003420 _____ C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb
2016-12-03 08:35 - 2016-12-03 08:35 - 00003420 _____ C:\WINDOWS\system32\UevCustomActionTypes.tlb
2016-12-03 08:35 - 2016-12-03 08:35 - 00003317 _____ C:\WINDOWS\SysWOW64\sysprint.sep
2016-12-03 08:35 - 2016-12-03 08:35 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_8.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanutil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002778 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-12-03 08:35 - 2016-12-03 08:35 - 00002626 _____ C:\WINDOWS\SysWOW64\SecurityAndMaintenance_Alert.png
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncRes.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sfc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneutilRes.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netmsg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\neth.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3r.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorc32r.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscpx32r.dLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msafd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lz32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprop.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iologmsg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icmp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmdskres2.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32res.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002426 _____ C:\WINDOWS\SysWOW64\WsmTxt.xsl
2016-12-03 08:35 - 2016-12-03 08:35 - 00002307 _____ C:\WINDOWS\SysWOW64\WimBootCompress.ini
2016-12-03 08:35 - 2016-12-03 08:35 - 00002233 _____ C:\WINDOWS\SysWOW64\12520850.cpx
2016-12-03 08:35 - 2016-12-03 08:35 - 00002151 _____ C:\WINDOWS\SysWOW64\12520437.cpx
2016-12-03 08:35 - 2016-12-03 08:35 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winrsmgr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rnr20.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00001820 _____ C:\WINDOWS\SysWOW64\rasctrnm.h
2016-12-03 08:35 - 2016-12-03 08:35 - 00001720 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.vbs
2016-12-03 08:35 - 2016-12-03 08:35 - 00001673 _____ C:\WINDOWS\SysWOW64\tcpbidi.xml
2016-12-03 08:35 - 2016-12-03 08:35 - 00001559 _____ C:\WINDOWS\SysWOW64\WsmPty.xsl
2016-12-03 08:35 - 2016-12-03 08:35 - 00000714 _____ C:\WINDOWS\SysWOW64\RestartManager.mof
2016-12-03 08:35 - 2016-12-03 08:35 - 00000646 _____ C:\WINDOWS\SysWOW64\Drivers\gmreadme.txt
2016-12-03 08:35 - 2016-12-03 08:35 - 00000565 _____ C:\WINDOWS\SysWOW64\NdfEventView.xml
2016-12-03 08:35 - 2016-12-03 08:35 - 00000404 _____ C:\WINDOWS\SysWOW64\@VpnToastIcon.png
2016-12-03 08:35 - 2016-12-03 08:35 - 00000330 _____ C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
2016-12-03 08:35 - 2016-12-03 08:35 - 00000308 _____ C:\WINDOWS\SysWOW64\@AudioToastIcon.png
2016-12-03 08:35 - 2016-12-03 08:35 - 00000191 _____ C:\WINDOWS\system32\AppVStreamingUX.exe.config
2016-12-03 08:35 - 2016-12-03 08:35 - 00000176 _____ C:\WINDOWS\SysWOW64\RestartManagerUninstall.mof
2016-12-03 08:35 - 2016-12-03 08:35 - 00000150 _____ C:\WINDOWS\SysWOW64\pcl.sep
2016-12-03 08:35 - 2016-12-03 08:35 - 00000146 _____ C:\WINDOWS\system32\UevAppMonitor.exe.config
2016-12-03 08:35 - 2016-12-03 08:35 - 00000051 _____ C:\WINDOWS\SysWOW64\pscript.sep
2016-12-03 08:35 - 2016-12-03 08:35 - 00000033 _____ C:\WINDOWS\SysWOW64\winrm.cmd
2016-12-03 08:34 - 2016-12-03 08:34 - 26130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\imageres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 21691952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 19437568 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\HfxCompositor.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 18439680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDORes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 13106176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 09569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 09117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 09035264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.HologramFramework.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 08425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 08415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 08257832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 07947536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 07814616 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 07168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 06742528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 06585856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 06144512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 06037504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 05861136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizimg.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 05804032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 05722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 05538816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 05485200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 05365248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 05241856 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 05088768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 05048280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 05040488 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 04812288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 04560592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 04476928 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 04476456 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 04373152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 04298752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMM.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 04238336 _____ (Microsoft) C:\WINDOWS\system32\GameUXLegacyGDFs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 04227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2016-12-03 08:34 - 2016-12-03 08:34 - 04166144 _____ (Microsoft) C:\WINDOWS\system32\Windows.UI.Input.Inking.InkAnalysis.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 04094976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03948544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03836416 _____ (Microsoft Corporation) C:\WINDOWS\system32\accessibilitycpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03631104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03476480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03472384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 03440660 _____ C:\WINDOWS\system32\Drivers\gm.dls
2016-12-03 08:34 - 2016-12-03 08:34 - 03424768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03421696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03324928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03265024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03230720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03198976 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03185664 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03173888 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03170304 _____ C:\WINDOWS\system32\boot.sdi
2016-12-03 08:34 - 2016-12-03 08:34 - 03156992 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03154248 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03153192 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03146240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03142840 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03061248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 03006976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02904576 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 02892288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02891776 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02839552 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02833408 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02795008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02759168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02713088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02652672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02608864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02597136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 02548224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02545856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02544128 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02531328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02509312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02502656 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02491392 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02488488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 02488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02479104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02475008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02440704 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02392424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 02329352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02316480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 02314240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02313392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02285328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 02260752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 02209080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 02205936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02204160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02202624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02190336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02182656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02166664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02153280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02138624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02132584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 02102784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 02101248 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 02052544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02038784 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02021888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02012672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 02001424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01961744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01959424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01951256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01937392 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01929568 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplaySwitch.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01911296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01905664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01893536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01879040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01869088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01835520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01833472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01801728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01800192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01786368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01785344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01774128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01771528 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01750904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01720832 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01719424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01699840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01699784 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01693184 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01688864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01675776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01669632 _____ (Microsoft Corporation) C:\WINDOWS\system32\RASMM.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01634816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01613824 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01609728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01596928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfshim.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01585152 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0000.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01573160 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01565696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01544856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01526720 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01523096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01517568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01514320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01493648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01480704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01475072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01474560 _____ (Microsoft Corporation) C:\WINDOWS\system32\pla.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01468392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-03 08:34 - 2016-12-03 08:34 - 01467904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01467904 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxpTaskSync.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01432064 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagperf.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01423456 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01408512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01398112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01382160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\connect.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMNetMgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01358848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01348080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01342352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01338256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01325056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01319608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01317592 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\system32\Taskmgr.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01316864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01303824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01300240 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01295360 _____ (Microsoft Corporation) C:\WINDOWS\system32\comres.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01291264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01288088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01276824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01272144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01270784 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-12-03 08:34 - 2016-12-03 08:34 - 01269248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01265344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01256128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01253376 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01250816 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01246256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01243216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01239552 ____R (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.Capture.UX.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01239312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01237576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01230272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfperfhelper.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01229312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-03 08:34 - 2016-12-03 08:34 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01209344 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01206928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\networkexplorer.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dfshim.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01196032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01191696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-12-03 08:34 - 2016-12-03 08:34 - 01187840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Pimstore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01183760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2016-12-03 08:34 - 2016-12-03 08:34 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01176576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01175040 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01155584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shellstyle.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01154320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01151768 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-03 08:34 - 2016-12-03 08:34 - 01151488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01151256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01149952 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01144832 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01139880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01136640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdosys.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01104768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\opengl32.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01100048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-12-03 08:34 - 2016-12-03 08:34 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01090560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2016-12-03 08:34 - 2016-12-03 08:34 - 01090320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys

34
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:46:02 PM »
7th continuation of FRST     Since 6th continuation cut off, had to go back and find where it cut off.

2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ir41_32.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acledit.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\typelib.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storage.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole2nls.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole2disp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole2.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compobj.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcNs4.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OskSupport.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odtext32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odpdx32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odfox32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odexl32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oddbse32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Nlsdl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfime.ime
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYCL.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSMSNO.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSMSFI.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDROST.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDROPR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDLVST.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDCAN.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ir32_32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\getuname.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\f3ahvoas.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comcat.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\f3ahvoas.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008484 _____ C:\WINDOWS\SysWOW64\kanji_2.uce
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscadminui.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccessRes.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\simpdata.tlb
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\riched32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osuninst.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxex.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUS.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUKX.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSORST.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSL1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRO.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDNO1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdnecnt.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdnec95.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdnec.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINUK2.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINEN.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDGRLND.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDFI1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDCZ2.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDCZ1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDCZ.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDCR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\idndl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUSX.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTZM.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTUQ.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTUF.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTIPRD.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTIPRC.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSW09.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSORS1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSOREX.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSL.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSG.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSF.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDPO.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDPL.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDNSO.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDNEPR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDLV1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdlk41a.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDLA.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDIULAT.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdibm02.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDHU.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDHELA3.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDGR1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDGN.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDGKL.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDFC.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDES.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDCA.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBENE.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdax2.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAL.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd106n.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd106.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd101.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxlibres.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole32.tlb
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYCC.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYBA.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDWOL.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUZB.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUSR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUSL.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUSA.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUR1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUGHR1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUGHR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTURME.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTIFI2.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTIFI.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTH3.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTH2.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTH1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTH0.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAJIK.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAILE.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSYR2.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSYR1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSW.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSP.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDPL1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdphags.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDPASH.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDOLDIT.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDOLCH.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDNTL.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDNE.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDMYAN.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDMONST.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDMONMO.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDMON.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDMLT48.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDMLT47.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDMAORI.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDMACST.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDMAC.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDLV.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDLT2.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDLT1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdlisus.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdlisub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDLAO.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDKURD.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDKNI.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDKHMR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDKAZ.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJAV.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINTEL.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINTAM.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINPUN.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINORI.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINMAR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINMAL.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINKAN.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINHIN.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINGUJ.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINDEV.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINBEN.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINBE2.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINBE1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDINASA.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDIBO.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDHU1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDHELA2.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdhebl3.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDHE319.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDHE220.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDHAW.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDGTHC.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDGR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeooa.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeome.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoer.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDGAE.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDFTHRK.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDFR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdfar.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDEST.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDDZO.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDDIV2.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDDIV1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDCHER.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBULG.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBUG.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBLR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBHC.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBGPH1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBGPH.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBE.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdarmty.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdarmph.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDA3.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDA1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd103.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd101c.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd101b.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd101a.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006948 _____ C:\WINDOWS\SysWOW64\kanji_1.uce
2016-12-03 08:35 - 2016-12-03 08:35 - 00006886 _____ C:\WINDOWS\SysWOW64\SecurityAndMaintenance_Error.png
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDVNTC.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDURDU.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDUK.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSORA.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDSN1.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDOSM.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDOGHAM.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDNO.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdnko.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDLT.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDKYR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDIT142.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDIR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDIC.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDHEB.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDHE.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDHAU.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDGEO.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDFO.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDFI.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDFA.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDDV.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDDA.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBU.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDARMW.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDARME.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDA2.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDIT.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00005796 _____ C:\WINDOWS\SysWOW64\SecurityAndMaintenance.png
2016-12-03 08:35 - 2016-12-03 08:35 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmdrmsdk.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shimeng.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\normaliz.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msidntld.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatsrc.tlb
2016-12-03 08:35 - 2016-12-03 08:35 - 00004675 _____ C:\WINDOWS\SysWOW64\wsmanconfig_schema.xml
2016-12-03 08:35 - 2016-12-03 08:35 - 00004608 _____ (Microsoft) C:\WINDOWS\SysWOW64\WEB.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\security.dll

35
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:32:56 PM »
6th continuation of FRST

2016-12-03 08:35 - 2016-12-03 08:35 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xcopy.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vpnikeapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dfscli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddrawex.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00043872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqlwoa.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\signdrv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\htui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00043368 _____ (Microsoft Corporation) C:\WINDOWS\system32\utildll.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00043296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PickerHost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\networkitemfactory.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lodctr.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFrameworkInternalPS.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\execmodelproxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidnsp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RegCtrl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geocommon.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmloader.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DSCache.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00042344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tpmcompc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spopk.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sfc_os.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitsProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AtBroker.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00041587 _____ C:\WINDOWS\SysWOW64\azman.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00041472 _____ (Microsoft) C:\WINDOWS\SysWOW64\cob-au.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winrs.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\typeperf.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regini.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnification.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SortWindows61.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfctrs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\forfiles.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EtwRundown.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edpnotify.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.XboxLive.ProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbisurf.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcbcp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compact.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00040224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsUtilsV2.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00040208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspatcha.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ustprov.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncHost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SortServer2003Compat.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpolcore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ACCTRES.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciqtz32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2016-12-03 08:35 - 2016-12-03 08:35 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\grpconv.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\relog.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RdpSa.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcicda.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MirrorDrvCompat.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmprovhost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredprovider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dusmapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dimsroam.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XInputUap.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmiclnt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SecEdit.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pid.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthudtask.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\amsi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00037696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00037696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsCore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cliconfg.rll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Websocket.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WalletProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtffilt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandBrokerClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimtf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmmon32.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00036864 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsclient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uicom.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TaskSchdPS.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfos.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcacli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\docprop.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cttunesvr.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00036088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\utildll.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00036088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iri.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pifmgr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\htui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbioext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\traffic.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sfc.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfdisk.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ndfetw.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmlua.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIMgrBroker.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00035128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Netplwiz.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\embeddedmodesvcapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmband.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dimsjob.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cnvfat.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unlodctr.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcreate.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esevss.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\where.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olesvr32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nci.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mimefilt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00033496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NETSTAT.EXE
2016-12-03 08:35 - 2016-12-03 08:35 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidc32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MirrorDrvCompat.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gmsaclient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsutil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddodiag.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppinst.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XInput1_4.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\waitfor.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pots.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\linkinfo.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hidphone.tsp
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprnext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialer.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmcfg32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00031992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msgsm32.acm
2016-12-03 08:35 - 2016-12-03 08:35 - 00031960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netutils.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00031744 _____ (Microsoft) C:\WINDOWS\SysWOW64\usk.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasphone.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OposHost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtsh.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vidcap.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpmib.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\proquota.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00030749 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbajet32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidres.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tvratings.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsauth.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Apphlpdm.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00030480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfmifs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxlegih.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aeevts.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpSaUacHelper.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00029872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserAccountBroker.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaExt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackagedCWALauncher.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icacls.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hidserv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findstr.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credwiz.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vss_ps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxstrace.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrnsave.scr
2016-12-03 08:35 - 2016-12-03 08:35 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipconfig.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\extrac32.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cliconfg.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpol.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00028888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WofUtil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32topl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcnsh.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FdDevQuery.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\choice.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\syskey.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2016-12-03 08:35 - 2016-12-03 08:35 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcsubs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsTelemetry.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\canonurl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cacls.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00027352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptbase.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userinit.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RacEngn.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ctl3d32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BthTelemetry.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpSaProxy.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\drprov.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Direct2DDesktop.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifmon.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00026328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imaadp32.acm
2016-12-03 08:35 - 2016-12-03 08:35 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\reguwpapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIMgrBroker.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timeout.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shimgvw.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutilext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdlg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzSqlExt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msadp32.acm
2016-12-03 08:35 - 2016-12-03 08:35 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hid.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\avrt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmiprop.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ureg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shutdownext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxdm.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpupdate.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CheckNetIsolation.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\at.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00024752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdmo.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2016-12-03 08:35 - 2016-12-03 08:35 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWNet.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\elsTrans.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clip.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00024336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024114 _____ C:\WINDOWS\SysWOW64\lcptr.tbl
2016-12-03 08:35 - 2016-12-03 08:35 - 00024114 _____ C:\WINDOWS\system32\lcptr.tbl
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxsstore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prevhost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msyuv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\more.com
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciwave.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciseq.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fltMC.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmprocessxmlfiltered.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmintf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmpbk32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00024006 _____ C:\WINDOWS\SysWOW64\gb2312.uce
2016-12-03 08:35 - 2016-12-03 08:35 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winrshost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shutdown.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shgina.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dswave.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairingProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comp.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00023184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\version.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winrnr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secur32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RdpSaProxy.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fc.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmgrcspps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chkdsk.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00022984 _____ C:\WINDOWS\SysWOW64\bopomofo.uce
2016-12-03 08:35 - 2016-12-03 08:35 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lsmproxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmoleaututils.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ARP.EXE
2016-12-03 08:35 - 2016-12-03 08:35 - 00022016 _____ (Microsoft) C:\WINDOWS\SysWOW64\grb.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdiagnhost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netbtugc.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscdll.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcwum.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshcon.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscisvif.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winusb.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shunimpl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfhost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ndproxystub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gptext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmutil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\diskperf.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgwdi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFrameworkPS.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00021264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DDACLSys.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft) C:\WINDOWS\SysWOW64\pegi-pt.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft) C:\WINDOWS\SysWOW64\pegi.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblGameSaveProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sort.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SEMgrPS.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osbaseln.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NcdProp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ktmw32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davhlpr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bitsperf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regsvr32.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Register-CimProvider.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drprov.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Direct2DDesktop.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidtel.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00020144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsrole.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnlsres.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\serwvdrv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmdext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxshared.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ROUTE.EXE
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\replace.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasctrs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbnmpntw.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\convert.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chkntfs.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capisp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\attrib.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00019216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BOOTVID.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PING.EXE
2016-12-03 08:35 - 2016-12-03 08:35 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\midimap.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00018576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msg711.acm
2016-12-03 08:35 - 2016-12-03 08:35 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmlprovi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-12-03 08:35 - 2016-12-03 08:35 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlmproxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fltLib.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017935 _____ C:\WINDOWS\SysWOW64\EventViewer_EventDetails.xsl
2016-12-03 08:35 - 2016-12-03 08:35 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vdmdbg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uniplat.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2016-12-03 08:35 - 2016-12-03 08:35 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schedcli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\runas.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdial.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanui2.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiltcfg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallButtons.ProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqlwid.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WINSRPC.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shpafact.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmdkey.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudDomainJoinAUG.ProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfts.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userinitext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncInfrastructureps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDCHERP.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fixmapi.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EsdSip.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\doskey.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dispex.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016740 _____ C:\WINDOWS\SysWOW64\ShiftJIS.uce
2016-12-03 08:35 - 2016-12-03 08:35 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsock32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshqos.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshelper.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\umdmxfrm.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Startupscan.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PATHPING.EXE
2016-12-03 08:35 - 2016-12-03 08:35 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\irclass.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icsunattend.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hh.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EnterpriseAppMgmtClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmstplua.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksuser.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015872 _____ (Microsoft) C:\WINDOWS\SysWOW64\djctq.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\serialui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpSaPs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft) C:\WINDOWS\SysWOW64\pcbp.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wowreg32.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmsgapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.SystemManagedAccount.ProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TRACERT.EXE
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\syssetup.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RmClient.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mountvol.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\label.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ktmutil.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\find.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsddd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00015120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshrm.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcmsetup.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subst.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\print.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netbios.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrle32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscpxl32.dLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clb.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IconCodecService.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WlS0WndH.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secinit.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pstorec.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prflbmsg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfts.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlmsprep.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MRINFO.EXE
2016-12-03 08:35 - 2016-12-03 08:35 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetmon.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIManagerBrokerps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\whhelper.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsbyuv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommonPal.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PaymentMediatorServiceProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\finger.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DDOIProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CHxReadingStringIME.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00013584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\backgroundTaskHost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCShellCommonProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msidcrl40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDKOR.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmpushproxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012876 _____ C:\WINDOWS\SysWOW64\korean.uce
2016-12-03 08:35 - 2016-12-03 08:35 - 00012872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TapiUnattend.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\recover.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\panmap.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcico.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutilx.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsui.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2016-12-03 08:35 - 2016-12-03 08:35 - 00012560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwizres.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshirda.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpPortingLibrary.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundPlayback.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usbperf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\txfw32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwinsat.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MinstoreEvents.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmiso8601utils.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcmonitor.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceUxRes.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_ISCII.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcfgex.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmplpxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\verclsid.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RdpSaPs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscat32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InfDefaultInstall.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IconCodecService.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HOSTNAME.EXE
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FamilySafetyExt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcommandlineutils.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CortanaMapiHelper.ProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browseui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\nddeapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ctfmon.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wship6.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensApi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfmifsproxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfime.ime
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSHTCPIP.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winrssrv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WalletBackgroundServiceProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIManagerBrokerps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TCPSVCS.EXE
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncHostps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\softpub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoveDeviceElevated.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameBarPresenceWriter.proxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBthProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dvdplay.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhst3g.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CHxReadingStringIME.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\riched32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\winhlp32.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\write.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TapiSysprep.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sas.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regedt32.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcji32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiwer.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\help.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomcnfg.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ctfmon.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapiperf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systray.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nddeapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msidle.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdnecat.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDHEPT.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsied.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XInput9_1_0.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spnet.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shfolder.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssip32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ir50_qcx.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ir50_qc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ir50_32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ir41_qcx.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ir41_qc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ir41_32.ax
2016-12-03 08:35 - 2016-12-03

36
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:30:49 PM »
5th continuation of FRST

2016-12-03 08:35 - 2016-12-03 08:35 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSAppXHelper.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00083728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00083112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngcksp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netsh.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameBarPresenceWriter.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmstp.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00081576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ResourcePolicyClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventvwr.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlaySndSrv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spinf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Mpeg2Data.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtfwd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tasklist.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\amstream.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wecutil.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2016-12-03 08:35 - 2016-12-03 08:35 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanext.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00078472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bootcfg.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00077920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Query.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nslookup.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cliconfg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00077312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSTPager.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systeminfo.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DpiScaling.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallButtons.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bdaplgin.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsCtfMonitor.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RMSRoamingSecurity.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00076048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00075944 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocalServiceCredUIBroker.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\sessionmsg.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.TraceReporting.PlatformDiagnosticActions.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iashlpr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00074848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpbcreds.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcompos.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cca.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskkill.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ndishc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mibincodec.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Utilman.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeopleAPIs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpapimig.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slwga.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManagerApi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmghost.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcad32.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartScreenSettings.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00071952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00071744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbccu32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbccr32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00070752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00070720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSDvbNP.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eqossnap.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsockhc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddisplay.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00069656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipsec.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipcontainer.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Printers.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\avicap32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\makecab.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SCardDlg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\colbact.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samcli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RunLegacyCPLElevated.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidfdp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hbaapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.ServiceHostBuilder.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\loghours.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\driverquery.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_875.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_870.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_500.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_21027.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_21025.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20924.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20905.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20880.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20871.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20838.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20833.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20424.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20423.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20420.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20297.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20290.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20285.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20284.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20280.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20278.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20277.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20273.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20269.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20108.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20107.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20106.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_20105.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1149.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1148.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1147.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1146.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1145.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1144.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1143.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1142.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1141.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1140.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1047.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_1026.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10082.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10081.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10079.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10029.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10021.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10017.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10010.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10007.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10006.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10005.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10004.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_10000.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066082 _____ C:\WINDOWS\SysWOW64\C_037.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sberes.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvvmtransport.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmci.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputInjectionBroker.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WfHC.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\getmac.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsRdpWebAccess.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00065024 _____ (Twain Working Group) C:\WINDOWS\twain_32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MuiUnattend.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00064536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcirt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentprf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\btpanui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00064024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptsp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ndadmin.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspatchc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbussdapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hdwwiz.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00063081 _____ C:\WINDOWS\SysWOW64\certlm.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00063070 _____ C:\WINDOWS\SysWOW64\certmgr.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Syncreg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\radarrs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prvdmofcomp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdmat.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00061464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wtsapi32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmRes.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scripto.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ELSCore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\openfiles.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00060458 _____ C:\WINDOWS\SysWOW64\ideograf.uce
2016-12-03 08:35 - 2016-12-03 08:35 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sc.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\playlistfolder.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3cfg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\reg.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontGlyphAnimator.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WABSyncProvider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpmonui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dispci.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unenrollhook.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UiaManager.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Cortana.ProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\whoami.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfwwdm32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\threadpoolwinrt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Storprop.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dxof.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winver.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhonePlatformAbstraction.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasdatastore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngprovider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xwizard.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprovisionsp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsCtfMonitor.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSTheme.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wecapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SortWindows6Compat.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaproxystub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksxbar.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DfsShlEx.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCredentialDeployment.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00055808 _____ (Microsoft) C:\WINDOWS\SysWOW64\cero.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2nacp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasads.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3hc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.ProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00054784 _____ (Microsoft) C:\WINDOWS\SysWOW64\fpb.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NapiNSP.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsidsc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cabapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00054704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00054664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmDeploy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00054544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PSHED.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00054544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00054272 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capiprovider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Management.Lockdown.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetmib1.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\g711codc.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bidispl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AddressParser.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pautoenr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\expand.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkProxyCsp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00053168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmlfilter.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stclient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWESEProviderResources.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00052224 _____ (Microsoft) C:\WINDOWS\SysWOW64\esrb.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacctprofile.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddrawex.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00052144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\takeown.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprovfw.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msident.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnification.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00051632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Print.Workflow.Source.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00051080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webauthn.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintPlatformConfig.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\feclient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConnectedAccountState.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\videoprt.sys
2016-12-03 08:35 - 2016-12-03 08:35 - 00050448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hcproviders.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adprovider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimtf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mskeyprotect.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00049544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00049544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msauserext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iyuv_32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpapiprovider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ssdpapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ftp.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00048520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wtsapi32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzutil.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdPnp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dssec.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3dlg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devrtl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00048048 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00047682 _____ C:\WINDOWS\SysWOW64\diskmgmt.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vds_ps.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucmhc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\runonce.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPELoggingDictationHelper.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpclnt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deskadp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdhui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\APHostClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\regini.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setx.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwcfg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FontGlyphAnimator.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmxmlhelputils.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmdl32.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00046440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcRtRemote.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00046080 _____ (Microsoft) C:\WINDOWS\SysWOW64\oflc-nz.rs
2016-12-03 08:35 - 2016-12-03 08:35 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\net.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00045840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\luainstall.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSTheme.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NAPCRYPT.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msports.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhsetup.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypttpmeksvc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmutil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HelpPaneProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\format.com
2016-12-03 08:35 - 2016-12-03 08:35 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deskmon.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpSa.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsmproxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00044904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemId.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TapiMigPlugin.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\joinproviderol.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmocx.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCredential.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00044032 _____ (Microsoft) C:\WINDOWS\SysWOW64\csrr.rs

37
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:29:41 PM »
4th continuation of FRST

2016-12-03 08:35 - 2016-12-03 08:35 - 00364544 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptuiwizard.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassdo.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00355088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authfwcfg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00351728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secproc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00344928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\verifier.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secproc_isv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncInfrastructure.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00343432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10_1core.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00339848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00338824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00338432 _____ (Intel Corporation.) C:\WINDOWS\SysWOW64\ir41_qcxoriginal.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiagn.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\difxapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.Phone.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\syncutil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroleui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10core.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\configmanager2.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00323344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00319760 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcjt32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00314032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00313520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cttune.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscandui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneOm.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00306960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10core.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00305664 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eudcedit.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00304640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00303104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSATAPI.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysdm.cpl
2016-12-03 08:35 - 2016-12-03 08:35 - 00301568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regedit.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00301568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmontr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00301328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWGP.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TaskApis.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcbase.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3ui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00287152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00286208 _____ C:\WINDOWS\SysWOW64\HrtfApo.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\diskraid.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsnt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRBroker.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00280392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkspbroker.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00273696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiagn.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00271136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powrprof.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00270096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00269584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00265432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00264976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschapext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sethc.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00261392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Management.Workplace.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00260792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2016-12-03 08:35 - 2016-12-03 08:35 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt20.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdprint.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DataExchange.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00252528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapisrv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00251536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00248904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.Private.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scansetting.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsku.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ndfapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscandui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00244224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qwave.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mycomput.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mintdh.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsnap.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\PersonaX.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00228112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wavemsp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcint.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netdiagfx.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\provthrd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstask.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2016-12-03 08:35 - 2016-12-03 08:35 - 00219920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00217936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HdcpHandler.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsldpc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accountaccessor.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qcap.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00216336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsicpl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSNP.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00212480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offfilt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00212480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsldp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmdskmgr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00211938 _____ C:\WINDOWS\SysWOW64\lcphrase.tbl
2016-12-03 08:35 - 2016-12-03 08:35 - 00211938 _____ C:\WINDOWS\system32\lcphrase.tbl
2016-12-03 08:35 - 2016-12-03 08:35 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xwtpdui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cleanmgr.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00208096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\onex.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2016-12-03 08:35 - 2016-12-03 08:35 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\remotepg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2016-12-03 08:35 - 2016-12-03 08:35 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ssText3d.scr
2016-12-03 08:35 - 2016-12-03 08:35 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CortanaMapiHelper.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00204105 _____ C:\WINDOWS\SysWOW64\winrm.vbs
2016-12-03 08:35 - 2016-12-03 08:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmime.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remotepg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgmgr32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairingFolder.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00200192 _____ (Intel Corporation.) C:\WINDOWS\SysWOW64\ir50_qcoriginal.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\verifiergui.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icsigd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mlang.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fms.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00197632 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\ir32_32original.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00197632 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iac25_32.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00195856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00195618 _____ C:\WINDOWS\SysWOW64\C_10002.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpresult.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoeacct.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB7.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dskquoui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSyncMetastore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00188768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqlunirl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msls31.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10_1.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\rgb9rast.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuceffects.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlandlg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\moricons.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsdmo.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdiageng.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\miutils.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00183808 _____ (Intel Corporation.) C:\WINDOWS\SysWOW64\ir50_qcxoriginal.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\miguiresource.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchTM.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00182760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00182760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00182280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2016-12-03 08:35 - 2016-12-03 08:35 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uireng.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Cortana.Persona.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00180232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-12-03 08:35 - 2016-12-03 08:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\els.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00179208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Preview.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00177698 _____ C:\WINDOWS\SysWOW64\C_10003.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MTF.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00176648 _____ (Microsoft Corporation) C:\WINDOWS\system32\imm32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00175280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rometadata.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bitsadmin.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaatext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00173602 _____ C:\WINDOWS\SysWOW64\C_10008.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqlceoledb40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\charmap.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\modemui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coredpus.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiohlp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00169336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00169336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntasn1.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00167640 _____ C:\WINDOWS\SysWOW64\chs_singlechar_pinyin.dat
2016-12-03 08:35 - 2016-12-03 08:35 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\desk.cpl
2016-12-03 08:35 - 2016-12-03 08:35 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\softkbd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtcModel.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00165648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ocsetapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountExtension.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfmon.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00162850 _____ C:\WINDOWS\SysWOW64\C_10001.NLS
2016-12-03 08:35 - 2016-12-03 08:35 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdminst.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00161552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellAPI.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingDiagSpp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00158992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.SettingsExtensibility.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keymgr.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdiagprv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fms.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mydocs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlmgp.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsRasterService.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10_1.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbeio.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\L2SecHC.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00152576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00152336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PersonaX.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cabview.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmitomi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdadiag.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCCSEngineShared.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsicli.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00150248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00149019 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crtdll.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00148712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntmarta.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\diskpart.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlhtml.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2016-12-03 08:35 - 2016-12-03 08:35 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsprop.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00146944 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ivfsrc.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00145640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00145622 _____ C:\WINDOWS\SysWOW64\devmgmt.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00145519 _____ C:\WINDOWS\SysWOW64\perfmon.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\UvcModel.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00145127 _____ C:\WINDOWS\SysWOW64\eventvwr.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00145059 _____ C:\WINDOWS\SysWOW64\taskschd.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00144998 _____ C:\WINDOWS\SysWOW64\lusrmgr.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00144909 _____ C:\WINDOWS\SysWOW64\fsmgmt.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00144862 _____ C:\WINDOWS\SysWOW64\tpm.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.shareexperience.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00143632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ulib.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00142904 _____ C:\WINDOWS\SysWOW64\slmgr.vbs
2016-12-03 08:35 - 2016-12-03 08:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovslegacy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uudf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\verifiergui.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00138752 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netjoin.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00138400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imm32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\playtomenu.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbctrac.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glu32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00138016 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\net1.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fundisc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ufat.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Cortana.Persona.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppExtension.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Mystify.scr
2016-12-03 08:35 - 2016-12-03 08:35 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\softkbd.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Ribbons.scr
2016-12-03 08:35 - 2016-12-03 08:35 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prntvpt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mskeyprotcli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrecst.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgcore.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmidcom.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prncache.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00132368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsquirt.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CastingShellExt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00131200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dispdiag.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\globinputhost.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassvcs.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00129296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxlib.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00129296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oledlg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dsui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devobj.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWSD.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fde.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netid.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00126008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dssenh.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnscmmc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00124118 _____ C:\WINDOWS\SysWOW64\comexp.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-12-03 08:35 - 2016-12-03 08:35 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvfw32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaatext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00123480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00123408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gcdef.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkspbrokerAx.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Internal.Printing.Workflow.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\console.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xwtpw32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00120336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsicpl.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advpack.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00120320 _____ (Intel Corporation.) C:\WINDOWS\SysWOW64\ir41_qcoriginal.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EhStorAuthn.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmstyle.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mimofcodec.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfui.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapsimextdesktop.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqlcecompact40.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\socialapis.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rshx32.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00118256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00118032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Kswdmcap.ax
2016-12-03 08:35 - 2016-12-03 08:35 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EhStorAPI.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00117232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngckeyenum.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rekeywiz.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdart.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSyncProviders.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00115184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00115091 _____ C:\WINDOWS\SysWOW64\WF.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\control.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00114632 _____ C:\WINDOWS\SysWOW64\InputHost.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00114632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cabinet.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppwmi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmsynth.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprmsg.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcshext.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontview.exe
2016-12-03 08:35 - 2016-12-03 08:35 - 00113608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00113256 _____ C:\WINDOWS\SysWOW64\compmgmt.msc
2016-12-03 08:35 - 2016-12-03 08:35 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2016-12-03 08:35 - 2016-12-03 08:35 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\S

38
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:28:17 PM »
3rd continuation of FRST

2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Provisioning
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\PLA
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Performance
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Migration
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\InputMethod
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Globalization
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\diagnostics
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Cursors
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Branding
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Boot
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\addins
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Users\Default\AppData\Roaming
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Users\Default\AppData\Local\Temp
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Users\Default User\AppData\Local\Temp
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\ProgramData\SoftwareDistribution
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\ProgramData\Comms
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Program Files\WindowsPowerShell
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Program Files\Windows NT
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Program Files\Common Files\Services
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Program Files (x86)\WindowsPowerShell
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\PerfLogs
2016-12-03 08:42 - 2016-12-03 08:38 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-12-03 08:42 - 2016-12-03 08:38 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2016-12-03 08:42 - 2016-12-03 08:38 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-12-03 08:42 - 2016-12-03 08:38 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2016-12-03 08:42 - 2016-12-03 08:38 - 00016596 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-12-03 08:42 - 2016-12-03 08:38 - 00004096 _____ C:\WINDOWS\system32\config\VSMIDK
2016-12-03 08:42 - 2016-12-03 08:38 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-12-03 08:42 - 2016-12-03 08:38 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-12-03 08:42 - 2016-12-03 08:38 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-12-03 08:42 - 2016-12-03 08:38 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-12-03 08:42 - 2016-12-03 08:38 - 00000278 ___SH C:\Users\Public\Documents\desktop.ini
2016-12-03 08:42 - 2016-12-03 08:38 - 00000174 ___SH C:\Users\Public\Downloads\desktop.ini
2016-12-03 08:42 - 2016-12-03 08:38 - 00000174 ___SH C:\Users\Public\Desktop\desktop.ini
2016-12-03 08:42 - 2016-12-03 08:38 - 00000174 ___SH C:\Users\Public\desktop.ini
2016-12-03 08:42 - 2016-12-03 08:38 - 00000174 ___SH C:\Users\desktop.ini
2016-12-03 08:42 - 2016-12-03 08:38 - 00000174 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
2016-12-03 08:42 - 2016-12-03 08:38 - 00000174 ___SH C:\Program Files\desktop.ini
2016-12-03 08:42 - 2016-12-03 08:38 - 00000174 ___SH C:\Program Files (x86)\desktop.ini
2016-12-03 08:41 - 2017-01-18 10:01 - 00000000 ____D C:\WINDOWS\system32\drivers
2016-12-03 08:41 - 2016-12-26 09:46 - 00000000 ____D C:\WINDOWS\system32\Drivers\UMDF
2016-12-03 08:38 - 2017-01-24 10:56 - 00000000 ____D C:\WINDOWS\INF
2016-12-03 08:36 - 2016-12-03 10:01 - 02508288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkAnalysisLegacyCom.dll
2016-12-03 08:36 - 2016-12-03 10:01 - 00810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-12-03 08:36 - 2016-12-03 10:01 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2016-12-03 08:36 - 2016-12-03 10:01 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2016-12-03 08:36 - 2016-12-03 10:01 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-12-03 08:36 - 2016-12-03 10:01 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2016-12-03 08:36 - 2016-12-03 10:01 - 00264888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpendp.dll
2016-12-03 08:36 - 2016-12-03 10:01 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2016-12-03 08:36 - 2016-12-03 10:01 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\baaupdate.exe
2016-12-03 08:36 - 2016-12-03 10:01 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizardElev.exe
2016-12-03 08:36 - 2016-12-03 10:01 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizard.exe
2016-12-03 08:36 - 2016-12-03 10:01 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2016-12-03 08:36 - 2016-12-03 10:01 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.exe
2016-12-03 08:36 - 2016-12-03 10:01 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2016-12-03 08:36 - 2016-12-03 10:01 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeSysprep.dll
2016-12-03 08:36 - 2016-12-03 10:00 - 00345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2016-12-03 08:36 - 2016-12-03 10:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2016-12-03 08:36 - 2016-12-03 10:00 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveprompt.exe
2016-12-03 08:36 - 2016-12-03 10:00 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgmts.dll
2016-12-03 08:36 - 2016-12-03 10:00 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfg.exe
2016-12-03 08:36 - 2016-12-03 10:00 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-12-03 08:36 - 2016-12-03 10:00 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfdts.dll
2016-12-03 08:36 - 2016-12-03 09:52 - 05484032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2016-12-03 08:36 - 2016-12-03 09:52 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 32780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 31624768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 13139968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 12123136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 11716608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-12-03 08:36 - 2016-12-03 08:36 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-12-03 08:36 - 2016-12-03 08:36 - 08018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 07289344 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 05657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 04818432 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 04567696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 04128256 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 03953664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 03759104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 03424768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 03415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 02183704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2016-12-03 08:36 - 2016-12-03 08:36 - 02012160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-12-03 08:36 - 2016-12-03 08:36 - 01959424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 01867776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 01641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 01568768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 01460224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 01334600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 01276048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 01219584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 01206272 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMNetMgr.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 01143808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00992256 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFS.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00987848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00962048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSRESM.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSRESM.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00909968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSST.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00829440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdcpl.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00716944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00700928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00692496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-12-03 08:36 - 2016-12-03 08:36 - 00690016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFSR.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceApi.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00660992 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSSVC.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2016-12-03 08:36 - 2016-12-03 08:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceApi.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2016-12-03 08:36 - 2016-12-03 08:36 - 00484552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswmdm.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00440832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceStatus.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMPOSE.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00395776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDSp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\provsvc.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00385264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswmdm.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2016-12-03 08:36 - 2016-12-03 08:36 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDSp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srchadmin.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasppp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00292824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00286128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeunlock.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\elshyph.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\cewmdm.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOVER.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\srrstr.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00248360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-12-03 08:36 - 2016-12-03 08:36 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\audiodev.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00243240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationHost.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cewmdm.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\unregmp2.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drt.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\elshyph.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\recdisc.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceTypes.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unregmp2.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSUTILITY.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvenotify.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrdc.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmidx.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00149736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpps.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raserver.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrahc.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\repair-bde.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00120320 _____ (Microsoft) C:\WINDOWS\system32\SMBHelperClass.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\racpldlg.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raserver.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseLiveTileTask.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSXP32.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmdmps.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwrshplugin.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOM.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\srhelper.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSSessionUX.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00085888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2016-12-03 08:36 - 2016-12-03 08:36 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logagent.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00083968 _____ (Microsoft) C:\WINDOWS\SysWOW64\SMBHelperClass.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSROUTE.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingHost.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\BlbEvents.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOM.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msra.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceConnectApi.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2016-12-03 08:36 - 2016-12-03 08:36 - 00076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2016-12-03 08:36 - 2016-12-03 08:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2016-12-03 08:36 - 2016-12-03 08:36 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShServiceObj.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pwrshplugin.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\scavengeui.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pnrpnsp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\blb_ps.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00063632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrTasks.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drtprov.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDShServiceObj.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdchange.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bderepair.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationHostProxy.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSMON.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmler.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.tlb
2016-12-03 08:36 - 2016-12-03 08:36 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.tlb
2016-12-03 08:36 - 2016-12-03 08:36 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsepno.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drttransport.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmdmlog.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdchange.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSEXT32.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmdmps.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeui.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMPOSERES.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ms3dthumbnailprovider.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmdmlog.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinFax.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShextAutoplay.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofTasks.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.WebPlatform.SecurityBroker.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\srwmi.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecerts.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootim.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00026384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WpdUpFltr.sys
2016-12-03 08:36 - 2016-12-03 08:36 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinFax.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ms3dthumbnailprovider.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00024208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VscMgrPS.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSUNATD.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srdelayed.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00019112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00019112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\amcompat.tlb
2016-12-03 08:36 - 2016-12-03 08:36 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\amcompat.tlb
2016-12-03 08:36 - 2016-12-03 08:36 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srdelayed.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VscMgrPS.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2016-12-03 08:36 - 2016-12-03 08:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00010429 _____ C:\WINDOWS\system32\ScavengeSpace.xml
2016-12-03 08:36 - 2016-12-03 08:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LAPRXY.DLL
2016-12-03 08:36 - 2016-12-03 08:36 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSEVENT.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2016-12-03 08:36 - 2016-12-03 08:36 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2016-12-03 08:36 - 2016-12-03 08:36 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2016-12-03 08:36 - 2016-12-03 08:36 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2016-12-03 08:36 - 2016-12-03 08:36 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-12-03 08:36 - 2016-12-03 08:36 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-12-03 08:36 - 2016-12-03 08:36 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrEvents.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00003458 _____ C:\WINDOWS\SysWOW64\ieuinit.inf
2016-12-03 08:36 - 2016-12-03 08:36 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmerror.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asferror.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmerror.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\blbres.dll
2016-12-03 08:36 - 2016-12-03 08:36 - 00002349 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2016-12-03 08:36 - 2016-12-03 08:36 - 00001649 _____ C:\WINDOWS\SysWOW64\WindowsCodecsRaw.txt
2016-12-03 08:36 - 2016-12-03 08:36 - 00001649 _____ C:\WINDOWS\system32\WindowsCodecsRaw.txt
2016-12-03 08:36 - 2016-12-03 08:36 - 00000874 _____ C:\WINDOWS\system32\manage-bde.wsf
2016-12-03 08:35 - 2016-12-03 10:01 - 02469888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01960960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01803024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01545488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01527056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01496064 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01347584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsCpl.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsCpl.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01280512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 01104144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 01039120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00904976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00885520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00833808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mblctr.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00763392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00750352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00676112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00546064 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00422672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmstormod.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00288016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ManagedEventLogging.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddputils.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00275216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00245008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddpchunk.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00241424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationSettings.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwsharedperformance.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppvClientEventLog.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00214800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CmUtil.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00192272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmshell.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hwrreg.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinput.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00179984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00176912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2016-12-03 08:35 - 2016-12-03 10:01 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.SecureAssessment.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\adrclient.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00147439 _____ C:\WINDOWS\system32\gpedit.msc
2016-12-03 08:35 - 2016-12-03 10:01 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsClassExtension.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddptrace.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwclientres.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00120458 _____ C:\WINDOWS\system32\secpol.msc
2016-12-03 08:35 - 2016-12-03 10:01 - 00111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessCsp.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmtrace.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageInspector.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpolmsg.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmlib.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00088848 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dggpext.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SyncController.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssecuser.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipRenew.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintBrmUi.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00070928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Common.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddp_ps.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppCore.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAppMonitor.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CabUtil.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RotMgr.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hwrcomp.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.EventLogMessages.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00043566 _____ C:\WINDOWS\system32\rsop.msc
2016-12-03 08:35 - 2016-12-03 10:01 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAgentPolicyGenerator.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00039696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmbeddedAppLauncherConfig.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00036112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UevAgentDriver.sys
2016-12-03 08:35 - 2016-12-03 10:01 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm_ps.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00031744 _____ C:\WINDOWS\system32\LockdownUtil.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\qwinsta.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qprocess.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorPerformanceEvents.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msg.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32_DeviceGuard.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00025872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2016-12-03 08:35 - 2016-12-03 10:01 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\quser.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgport.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tskill.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\qappsrv.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsdiscon.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscon.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rwinsta.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Management.WmiAccess.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoff.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\chglogon.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorCustomAdbAlgorithm.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgusr.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Management.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppData.WinRT.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SyncCommon.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Common.WinRT.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\reset.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.LocalSyncProvider.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\change.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00017680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScriptRunner.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\query.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernSync.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AgentDriverEvents.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevTemplateBaselineGenerator.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwstreamingux.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevTemplateConfigItemGenerator.exe
2016-12-03 08:35 - 2016-12-03 10:01 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SmbSyncProvider.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.MonitorSyncProvider.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.SyncConditions.dll
2016-12-03 08:35 - 2016-12-03 10:01 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.SecureAssessment.Diagnostics.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 03757056 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkAnalysisLegacyCom.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 02669840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 02386192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 02082816 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 01618192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 01480976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00880400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2016-12-03 08:35 - 2016-12-03 10:00 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgogl32.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2016-12-03 08:35 - 2016-12-03 10:00 - 00514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SnippingTool.exe
2016-12-03 08:35 - 2016-12-03 10:00 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00457216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2016-12-03 08:35 - 2016-12-03 10:00 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2016-12-03 08:35 - 2016-12-03 10:00 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00304672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpendp.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tspubwmi.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00190224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2016-12-03 08:35 - 2016-12-03 10:00 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmstormod.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgocl32.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00155920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2016-12-03 08:35 - 2016-12-03 10:00 - 00153600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgu1132.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00147728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2016-12-03 08:35 - 2016-12-03 10:00 - 00147439 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2016-12-03 08:35 - 2016-12-03 10:00 - 00146944 ____R (Microsoft Corporation) C:\WINDOWS\system32\SecureAssessmentHandlers.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00146704 _____ (Microsoft Corporation) C:\WINDOWS\system32\CscMig.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00146389 _____ C:\WINDOWS\system32\printmanagement.msc
2016-12-03 08:35 - 2016-12-03 10:00 - 00136976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVfs.sys
2016-12-03 08:35 - 2016-12-03 10:00 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppManagementConfiguration.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmshell.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00123152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys
2016-12-03 08:35 - 2016-12-03 10:00 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppManagementConfiguration.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00100352 ____R (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.SecureAssessment.CfgProvider.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adrclient.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgumd32.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2016-12-03 08:35 - 2016-12-03 10:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsign.exe
2016-12-03 08:35 - 2016-12-03 10:00 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmlib.dll
2016

39
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:26:46 PM »
2nd continuation of FRST

2016-12-21 19:49 - 2016-12-21 19:51 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-12-21 19:48 - 2017-01-24 11:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-21 19:48 - 2017-01-24 08:56 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D002788C-48CD-40AE-A6C5-A9399CD88D27}
2016-12-21 19:48 - 2017-01-12 17:19 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-12-21 19:48 - 2016-12-21 19:48 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-21 19:48 - 2016-12-21 19:48 - 00003226 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-21 19:48 - 2016-12-21 19:48 - 00003150 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d1b446eafdf7a7
2016-12-21 19:48 - 2016-12-21 19:48 - 00002336 _____ C:\WINDOWS\System32\Tasks\{3B8F5E62-39B9-47BB-8AE7-DEB6E12BD22B}
2016-12-21 19:48 - 2016-12-21 19:48 - 00002276 _____ C:\WINDOWS\System32\Tasks\{2746715E-41F5-45F6-87C8-F6AD1333CC64}
2016-12-21 19:48 - 2016-12-21 19:48 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-21 19:48 - 2016-12-21 19:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-12-21 19:48 - 2016-12-21 19:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-12-21 19:48 - 2016-12-21 19:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-12-21 19:45 - 2017-01-24 11:36 - 01233870 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-21 19:39 - 2017-01-24 13:20 - 3428638720 ___SH C:\hiberfil.sys
2016-12-21 19:38 - 2016-12-21 19:38 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-12-21 19:33 - 2016-12-21 19:39 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-12-21 19:31 - 2017-01-24 14:27 - 00000000 ____D C:\Users\nepta\AppData\Local\Temp
2016-12-21 19:31 - 2017-01-24 11:31 - 11534336 ____H C:\Users\nepta\NTUSER.DAT
2016-12-21 19:31 - 2017-01-24 10:41 - 00000000 ____D C:\Users\nepta\AppData\Roaming
2016-12-21 19:31 - 2017-01-24 10:41 - 00000000 ____D C:\Users\nepta\AppData\Local
2016-12-21 19:31 - 2017-01-22 17:48 - 00000000 ____D C:\Users\nepta
2016-12-21 19:31 - 2017-01-21 17:48 - 00524288 ___SH C:\Users\nepta\NTUSER.DAT{d91aba27-c7e5-11e6-bc1e-d56ad53b2d41}.TMContainer00000000000000000002.regtrans-ms
2016-12-21 19:31 - 2017-01-21 17:48 - 00065536 ___SH C:\Users\nepta\NTUSER.DAT{d91aba27-c7e5-11e6-bc1e-d56ad53b2d41}.TM.blf
2016-12-21 19:31 - 2017-01-02 18:25 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{72a53a21-b964-11e6-a943-e41d2d0d3f20}.TMContainer00000000000000000002.regtrans-ms
2016-12-21 19:31 - 2017-01-02 18:25 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{72a53a21-b964-11e6-a943-e41d2d0d3f20}.TMContainer00000000000000000001.regtrans-ms
2016-12-21 19:31 - 2017-01-02 18:25 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{72a53a21-b964-11e6-a943-e41d2d0d3f20}.TM.blf
2016-12-21 19:31 - 2016-12-29 17:13 - 00524288 ___SH C:\Users\nepta\NTUSER.DAT{d91aba27-c7e5-11e6-bc1e-d56ad53b2d41}.TMContainer00000000000000000001.regtrans-ms
2016-12-21 19:31 - 2016-12-21 19:54 - 00000000 ___RD C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-21 19:31 - 2016-12-21 19:44 - 00000000 ___SD C:\Users\nepta\AppData\Roaming\Microsoft
2016-12-21 19:31 - 2016-12-21 19:44 - 00000000 ____D C:\Users\nepta\AppData\Local\Microsoft
2016-12-21 19:31 - 2016-12-21 19:39 - 00524288 ___SH C:\WINDOWS\system32\config\ELAM{120e256d-b936-11e6-a947-e41d2d740e30}.TMContainer00000000000000000002.regtrans-ms
2016-12-21 19:31 - 2016-12-21 19:39 - 00524288 ___SH C:\WINDOWS\system32\config\ELAM{120e256d-b936-11e6-a947-e41d2d740e30}.TMContainer00000000000000000001.regtrans-ms
2016-12-21 19:31 - 2016-12-21 19:39 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM{120e256d-b936-11e6-a947-e41d2d740e30}.TM.blf
2016-12-21 19:31 - 2016-12-21 19:33 - 00000000 ___HD C:\Users\nepta\AppData
2016-12-21 19:31 - 2016-12-21 19:31 - 02752512 ___SH C:\Users\nepta\ntuser.dat.LOG1
2016-12-21 19:31 - 2016-12-21 19:31 - 00180224 ___SH C:\Users\nepta\ntuser.dat.LOG2
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\Templates
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\Start Menu
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\SendTo
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\Recent
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\PrintHood
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\NetHood
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\My Documents
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\Local Settings
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\Documents\My Videos
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\Documents\My Pictures
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\Documents\My Music
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\Cookies
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\Application Data
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\AppData\Local\Temporary Internet Files
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\AppData\Local\History
2016-12-21 19:31 - 2016-12-21 19:31 - 00000000 _SHDL C:\Users\nepta\AppData\Local\Application Data
2016-12-21 19:31 - 2016-12-03 08:42 - 00000000 ___RD C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-12-21 19:31 - 2016-12-03 08:42 - 00000000 ___RD C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-12-21 19:31 - 2016-12-03 08:42 - 00000000 ___RD C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-21 19:31 - 2016-12-03 08:42 - 00000000 ____D C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-21 19:30 - 2017-01-24 11:32 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-21 19:30 - 2016-12-21 21:20 - 01003228 _____ C:\WINDOWS\system32\oem25.inf
2016-12-21 19:30 - 2016-12-21 19:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-21 19:30 - 2016-12-21 19:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-21 19:30 - 2016-12-21 19:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-21 19:30 - 2016-12-21 19:30 - 00000000 ___HD C:\Program Files (x86)\Uninstall Information
2016-12-21 19:30 - 2016-12-21 19:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-12-21 19:30 - 2016-12-21 19:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-12-21 19:30 - 2016-12-21 19:30 - 00000000 ____D C:\Program Files\Synaptics
2016-12-21 19:30 - 2016-08-01 06:54 - 06386744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-12-21 19:30 - 2016-08-01 06:54 - 02466360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-12-21 19:30 - 2016-08-01 06:54 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-12-21 19:30 - 2016-08-01 06:54 - 01365048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-12-21 19:30 - 2016-08-01 06:54 - 00547896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-12-21 19:30 - 2016-08-01 06:54 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-12-21 19:30 - 2016-08-01 06:54 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-12-21 19:30 - 2016-08-01 06:54 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-12-21 19:30 - 2016-07-28 07:02 - 07242545 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-12-21 19:29 - 2017-01-24 13:20 - 00067584 ____S C:\WINDOWS\bootstat.dat
2016-12-21 19:29 - 2016-12-21 19:29 - 00524288 ___SH C:\Users\Default\NTUSER.DAT{d91aba27-c7e5-11e6-bc1e-d56ad53b2d41}.TMContainer00000000000000000002.regtrans-ms
2016-12-21 19:29 - 2016-12-21 19:29 - 00524288 ___SH C:\Users\Default\NTUSER.DAT{d91aba27-c7e5-11e6-bc1e-d56ad53b2d41}.TMContainer00000000000000000001.regtrans-ms
2016-12-21 19:29 - 2016-12-21 19:29 - 00065536 ___SH C:\Users\Default\NTUSER.DAT{d91aba27-c7e5-11e6-bc1e-d56ad53b2d41}.TM.blf
2016-12-21 19:29 - 2016-12-21 19:29 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-12-21 19:29 - 2016-12-21 19:29 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-12-21 19:29 - 2016-12-21 19:29 - 00000000 ____D C:\Program Files\Realtek
2016-12-21 19:29 - 2016-12-03 08:33 - 02258432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-12-21 19:28 - 2017-01-24 14:13 - 00000000 ____D C:\WINDOWS\Prefetch
2016-12-21 19:28 - 2017-01-24 13:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-21 19:28 - 2017-01-24 10:39 - 00362472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-21 19:28 - 2016-12-21 19:33 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{72a53a2f-b964-11e6-a943-e41d2d0d3f20}.TMContainer00000000000000000002.regtrans-ms
2016-12-21 19:28 - 2016-12-21 19:33 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{72a53a2f-b964-11e6-a943-e41d2d0d3f20}.TMContainer00000000000000000001.regtrans-ms
2016-12-21 19:28 - 2016-12-21 19:33 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{72a53a2f-b964-11e6-a943-e41d2d0d3f20}.TM.blf
2016-12-21 19:28 - 2016-12-21 19:28 - 00524288 ___SH C:\Users\Default\NTUSER.DAT{72a53a54-b964-11e6-a943-e41d2d0d3f20}.TMContainer00000000000000000002.regtrans-ms
2016-12-21 19:28 - 2016-12-21 19:28 - 00524288 ___SH C:\Users\Default\NTUSER.DAT{72a53a54-b964-11e6-a943-e41d2d0d3f20}.TMContainer00000000000000000001.regtrans-ms
2016-12-21 19:28 - 2016-12-21 19:28 - 00065536 ___SH C:\Users\Default\NTUSER.DAT{72a53a54-b964-11e6-a943-e41d2d0d3f20}.TM.blf
2016-12-21 19:28 - 2016-12-21 19:28 - 00032382 _____ C:\WINDOWS\system32\NetSetupMig.log
2016-12-19 10:04 - 2016-12-21 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-12-19 10:03 - 2016-12-21 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-19 10:03 - 2016-12-19 10:03 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-19 10:03 - 2016-12-19 10:03 - 00000000 ____D C:\Program Files\iTunes
2016-12-19 10:03 - 2016-12-19 10:03 - 00000000 ____D C:\Program Files\iPod
2016-12-18 13:57 - 2016-12-23 12:11 - 00000000 ___DC C:\WINDOWS\Panther
2016-12-17 13:28 - 2016-12-17 13:28 - 00030208 _____ C:\Users\nepta\Documents\2016-12 We've received your payment.msg
2016-12-11 16:39 - 2016-12-11 16:44 - 03070360 _____ C:\Users\nepta\Downloads\SplashShopper-Desktop (1).exe
2016-12-03 10:03 - 2016-12-03 10:03 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\quickassist.exe
2016-12-03 10:02 - 2016-12-03 08:35 - 00033882 _____ C:\WINDOWS\Professional.xml
2016-12-03 10:01 - 2016-12-03 10:01 - 00027136 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2016-12-03 10:01 - 2016-12-03 10:01 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2016-12-03 10:01 - 2016-12-03 10:01 - 00000000 ____D C:\WINDOWS\RemotePackages
2016-12-03 10:01 - 2016-12-03 10:01 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-12-03 09:53 - 2016-12-03 09:53 - 00000000 ____D C:\WINDOWS\OCR
2016-12-03 09:52 - 2016-12-03 10:01 - 00000000 ____D C:\WINDOWS\system32\en
2016-12-03 09:52 - 2016-12-03 10:01 - 00000000 ____D C:\WINDOWS\system32\Drivers\en-US
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\en
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Drivers\UMDF
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Drivers\en-US
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\0409
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SKB
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\en-US
2016-12-03 09:52 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-12-03 09:30 - 2016-12-03 09:30 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2016-12-03 09:30 - 2016-12-03 09:30 - 00000000 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG2
2016-12-03 09:30 - 2016-12-03 09:30 - 00000000 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG1
2016-12-03 09:25 - 2016-12-03 09:25 - 00000000 _SHDL C:\Users\Default User
2016-12-03 09:25 - 2016-12-03 09:25 - 00000000 _SHDL C:\Users\All Users
2016-12-03 08:48 - 2016-12-03 08:48 - 00000000 ____D C:\WINDOWS\Setup
2016-12-03 08:47 - 2016-12-03 08:36 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-03 08:47 - 2016-12-03 08:36 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-03 08:46 - 2017-01-24 11:36 - 01008122 _____ C:\WINDOWS\system32\perfh009.dat
2016-12-03 08:46 - 2017-01-24 11:36 - 00223418 _____ C:\WINDOWS\system32\perfc009.dat
2016-12-03 08:46 - 2016-12-03 08:38 - 00296742 _____ C:\WINDOWS\system32\perfi009.dat
2016-12-03 08:46 - 2016-12-03 08:38 - 00033362 _____ C:\WINDOWS\system32\perfd009.dat
2016-12-03 08:42 - 2017-01-24 14:10 - 00000000 ____D C:\WINDOWS\Temp
2016-12-03 08:42 - 2017-01-24 13:34 - 00000000 ____D C:\WINDOWS\system32\sru
2016-12-03 08:42 - 2017-01-24 11:31 - 00000000 ___RD C:\Program Files
2016-12-03 08:42 - 2017-01-24 10:56 - 00000000 ____D C:\WINDOWS\debug
2016-12-03 08:42 - 2017-01-24 10:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-03 08:42 - 2017-01-24 10:41 - 00000000 ___HD C:\ProgramData
2016-12-03 08:42 - 2017-01-24 10:38 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-03 08:42 - 2017-01-24 10:30 - 00000000 ___RD C:\WINDOWS\Microsoft.NET
2016-12-03 08:42 - 2017-01-24 10:30 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-03 08:42 - 2017-01-24 10:24 - 00000000 _SHDC C:\WINDOWS\Installer
2016-12-03 08:42 - 2017-01-24 10:23 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-03 08:42 - 2017-01-24 10:11 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-03 08:42 - 2017-01-23 10:27 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-03 08:42 - 2017-01-20 14:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-03 08:42 - 2017-01-18 11:49 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2016-12-03 08:42 - 2017-01-18 09:59 - 00000000 ____D C:\WINDOWS\system32\Tasks
2016-12-03 08:42 - 2017-01-05 10:01 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-03 08:42 - 2017-01-02 14:43 - 00000000 ___RD C:\Program Files (x86)
2016-12-03 08:42 - 2016-12-23 15:25 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-03 08:42 - 2016-12-22 10:09 - 00000000 ____D C:\WINDOWS\system32\restore
2016-12-03 08:42 - 2016-12-22 10:03 - 00000000 ____D C:\WINDOWS\appcompat
2016-12-03 08:42 - 2016-12-22 10:02 - 00000000 ____D C:\WINDOWS\system32\WDI
2016-12-03 08:42 - 2016-12-21 21:27 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-12-03 08:42 - 2016-12-21 20:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-12-03 08:42 - 2016-12-21 20:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-12-03 08:42 - 2016-12-21 19:54 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-03 08:42 - 2016-12-21 19:53 - 00000000 ____D C:\WINDOWS\rescache
2016-12-03 08:42 - 2016-12-21 19:52 - 00000000 ____D C:\Users\Default\AppData\Local
2016-12-03 08:42 - 2016-12-21 19:52 - 00000000 ____D C:\Users\Default User\AppData\Local
2016-12-03 08:42 - 2016-12-21 19:52 - 00000000 ____D C:\ProgramData\USOPrivate
2016-12-03 08:42 - 2016-12-21 19:48 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-12-03 08:42 - 2016-12-21 19:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Microsoft
2016-12-03 08:42 - 2016-12-21 19:48 - 00000000 ____D C:\WINDOWS\Registration
2016-12-03 08:42 - 2016-12-21 19:47 - 00000000 __RSD C:\WINDOWS\Media
2016-12-03 08:42 - 2016-12-21 19:47 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-03 08:42 - 2016-12-21 19:46 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-03 08:42 - 2016-12-21 19:46 - 00000000 ____D C:\WINDOWS\system32\Drivers\etc
2016-12-03 08:42 - 2016-12-21 19:42 - 00000000 ___SD C:\Users\Default\AppData\Roaming\Microsoft
2016-12-03 08:42 - 2016-12-21 19:42 - 00000000 ___SD C:\Users\Default User\AppData\Roaming\Microsoft
2016-12-03 08:42 - 2016-12-21 19:42 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-03 08:42 - 2016-12-21 19:38 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-03 08:42 - 2016-12-21 19:38 - 00000000 ____D C:\WINDOWS\system32\CodeIntegrity
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ___RD C:\Users\Public
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\WINDOWS\twain_32
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\WINDOWS\SysWOW64\migration
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\WINDOWS\system32\spool
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\WINDOWS\HoloShell
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\Program Files\Common Files
2016-12-03 08:42 - 2016-12-21 19:34 - 00000000 ____D C:\Program Files (x86)\Microsoft.NET
2016-12-03 08:42 - 2016-12-21 19:33 - 00000000 ____D C:\WINDOWS\system32\Recovery
2016-12-03 08:42 - 2016-12-21 19:30 - 00000000 ____D C:\WINDOWS\Help
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\SystemApps
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\zh-TW
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\zh-CN
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\th-TH
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\sv-SE
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\ru-RU
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\pt-PT
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\pt-BR
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\pl-PL
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\nl-NL
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\nb-NO
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\ko-KR
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\ja-jp
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\it-IT
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\hu-HU
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\he-IL
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\fr-FR
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\fr-CA
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\fi-FI
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\es-ES
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\el-GR
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\de-DE
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\da-DK
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\cs-CZ
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2016-12-03 08:42 - 2016-12-03 10:03 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2016-12-03 08:42 - 2016-12-03 10:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-03 08:42 - 2016-12-03 10:01 - 00000000 ____D C:\WINDOWS\SysWOW64\wbem
2016-12-03 08:42 - 2016-12-03 10:01 - 00000000 ____D C:\WINDOWS\system32\migration
2016-12-03 08:42 - 2016-12-03 10:01 - 00000000 ____D C:\WINDOWS\security
2016-12-03 08:42 - 2016-12-03 10:01 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft
2016-12-03 08:42 - 2016-12-03 10:01 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\drivers
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\setup
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\Com
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\IME
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\Program Files\Windows Media Player
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\Program Files\Windows Mail
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\Program Files\Windows Defender
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\Program Files\Common Files\System
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\Program Files (x86)\Windows Media Player
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\Program Files (x86)\Windows Mail
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-12-03 08:42 - 2016-12-03 09:52 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ___HD C:\Users\Default\AppData
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Web
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Vss
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\tracing
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\TAPI
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-TW
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-CN
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\WindowsPowerShell
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Tasks
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sv-SE
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sru
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\spp
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ru-RU
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\restore
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\RasToast
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\pt-PT
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\pt-BR
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\pl-PL
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\nl-NL
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\networklist
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\nb-NO
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\LogFiles
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ko-KR
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ja-JP
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\it-IT
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\hu-HU
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-FR
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-CA
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\fi-FI
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\es-ES
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\el-GR
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\DriverStore
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\de-DE
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\da-DK
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\cs-CZ
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\config
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\catroot
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SystemResources
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\sppui
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\spp
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\Speech_OneCore
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\Speech
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\RasToast
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\ras
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\networklist
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\MSDRM
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\Licenses
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\IME
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\ias
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\Hydrogen
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\DDFs
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\config\TxR
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\config\systemprofile
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\system\Speech
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\System
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Speech_OneCore
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Speech
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\schemas
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\SchCache
2016-12-03 08:42 - 2016-12-03 08:42 - 00000000 ____D C:\WINDOWS\Resources

40
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 08:22:45 PM »
Continuation of FRST

2017-01-23 18:20 - 2017-01-23 18:20 - 00634590 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--91A2F770--4D5715896E9E.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00628546 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--076A9B8F--8C938D6E49E5.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00573486 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6C91C019--32B7E945049D.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00573315 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6C400787--EE1A0EBD7E1C.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00567699 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--184FF82D--7BE8823F18DA.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00385073 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--32A96D2A--76E959CB7019.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00374291 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6F038A9A--E8AC7C8D53FC.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00374291 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--E8A35AD6--E25CF151CDBE.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00336514 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--D47CFEC2--2CC8DD3DE6AC.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00316962 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--90EA4F94--A0137A43B964.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00285227 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--F5119BF5--250B4F45541C.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00279818 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--82318336--4E9667272002.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00142920 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--C8E876F4--5ED08CBCB616.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00135156 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8F4B8A86--8CC2F016D8DE.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00126980 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--08E70AE7--AFC9AF3EC8A8.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00120731 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6288AB55--DDE6F0E5F2A6.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00082853 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--53E9A3D5--3A55BC0737CC.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00080397 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--66322351--BCE68496AB49.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00076609 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--7C388E16--FFC0F92F7D63.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00051514 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--DA97BBE4--F2BFDD1CE675.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00011490 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--5AECF92F--B16326099E29.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00011231 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--E7354045--631C66D2D14A.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00011231 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--60D35C6B--95C45D638CF6.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00007267 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--7357FA20--622A43623767.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00002595 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--26B5CF5B--18456E76F1CF.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00002495 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--45963DFD--9821DFFBC86E.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00001728 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--5E71B9D5--95FF562C1E89.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00783684 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--191CE039--2A0D46073111.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00689223 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--422F459E--6C0A2C30A5C8.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00682747 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FE93C55B--9973E019A8FF.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00553497 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--DC26205F--F1F188155A11.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00538534 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--D1A96793--0FF8B2AA0C4D.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00431696 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--F61E0C3B--DC39A0EF9A62.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00429940 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--77B682D2--7741D52F1942.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00340122 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--83B4442B--C7C936B2B722.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00178293 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--B64D23F1--1D895111185D.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00134494 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D9831C1F--DF11212D4779.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00134190 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--1187B4D0--9360452B2104.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00132114 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--61451E1B--D4EDB7B0B851.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00079172 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8A42A78C--61A395084834.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00036181 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--346E12B1--C07580F50DB5.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00035419 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--9804D12F--7D276152D6D3.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00027184 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--F6CD1708--AF7B5DABFBEC.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00027173 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--0DD4518D--B07B3FEC9E3B.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00026748 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--6A55861B--E5740B3C8C16.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00026168 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--F7034E1C--E881B9801E74.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00025412 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--E1A5A037--CA91201EABE8.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00024789 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--21FC10FB--FDBED266A65A.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00024600 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--ACB49EA5--D9440D5ABDB2.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00020745 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--1126918C--9889BBBA6A8A.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00019167 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--9BDFDDFD--87088D0D1E61.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00018004 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--33517AA1--370DC9B9E83E.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00017599 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--292E3E0F--E9B3779B006F.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00017381 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--95920C78--938866DF1224.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00017006 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--EA7EB072--515850069628.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00016881 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--539BFAC4--AF47F32CB9DC.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00016786 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--548A743F--68E7AE9ADCEB.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00016768 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--336E932E--C77A55C50628.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00016457 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--6502716D--E4BFDDD1F485.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00016256 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--88D4DB85--0A34537BA6F2.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00015861 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--475AD886--B3F7F153FF27.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00015415 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--4EE3DFF2--5B0DFD50149F.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00015086 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--8982EDAD--85380E2ACCB1.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00015083 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--FB2951FA--4FCBB76E8B5C.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00015056 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--4E01A10E--60043D6C21E9.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00015032 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--64A52427--2244E374BF0F.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00014836 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--A7A8FB15--203A90F60000.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00014445 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--51866086--4E0D331C6EFE.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00014292 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--4BF4685C--8ECAA4C61FEF.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00014275 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--A9E9F7FC--049F6590E54D.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00014274 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--3D170D19--FE57531EB40B.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00014200 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--9D6DFC52--9605D8968F10.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00013867 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--9410CF31--79F5CD842247.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00013788 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--96418AED--D39FC7E41424.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00013733 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--16C53EE0--BFD5A5F49AB7.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00013729 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--36EF7545--60A5FF98B272.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00013724 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--BDBFA006--4BAA516972E0.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00013639 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--5C0DF03A--B9D3FA81DB2B.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00013634 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--E4289FC4--F34A7B2F5DA1.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00013533 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--64E1A65A--2766A5FA3172.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00013479 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--06FD7245--8FF374AD76D5.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00013449 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--A6D8A79F--7180CC3A7DAD.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00011003 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--F12A8B46--EA042587322C.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00010775 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--C4B5D3AB--D7792EC8C906.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00008182 _____ C:\Users\nepta\Downloads\OSIRIS-2136.htm
2017-01-23 18:18 - 2017-01-23 18:18 - 00008182 _____ C:\Users\nepta\Documents\OSIRIS-f4e1.htm
2017-01-23 18:18 - 2017-01-23 18:18 - 00008182 _____ C:\Users\nepta\Desktop\OSIRIS-87bb.htm
2017-01-23 18:18 - 2017-01-23 18:18 - 00008182 _____ C:\Users\nepta\Desktop\OSIRIS-316c.htm
2017-01-23 18:18 - 2017-01-23 18:18 - 00004464 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--BC557CFF--6881409AF076.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Documents\346FD420--07CA--C4B7--780B5242--B24D87EB4F88.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Documents\346FD420--07CA--C4B7--4D522167--5A556C528ED3.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--DCE3683D--B6D0BB1B58ED.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--CF0D8F1B--FE2793FFD440.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--C975338A--8F03AF0DB140.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--B30F2FE0--A7CF49653DE5.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--A46F8476--677328F75836.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--9AD2C289--57DE3987E6B7.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--8CBF759F--6CCDC7F60C66.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--8BC15DC4--6EEEF53C5277.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--7025ED4C--C244AA01C530.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--56BDF080--EEF348D5A5F4.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--44615F79--480FBC82C216.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--0AF8937C--6491C2C9BA47.osiris
2017-01-23 18:18 - 2017-01-23 18:18 - 00000998 ____N C:\Users\nepta\Desktop\346FD420--07CA--C4B7--0391ABCD--CEB38BB9F5CD.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00613148 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--35D4A8D3--3C697EA49556.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00069444 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--7ED5E44C--85A2A3106D9A.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00035140 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--218827EA--8E42CAC71673.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00032539 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2E77F834--B60347ABDBD7.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00028996 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--50FB0733--F3B8585FCDEA.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00027273 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--E8BC6052--87AE1E325952.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00024900 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--65380C31--87FEF88FD17B.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00017599 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A00D5D4D--561A6BA51359.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00014467 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D4C740D4--EB7E50CF1690.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00012612 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A52319D2--940FA7236121.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00012244 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D0E08BE5--132E0AAE357C.osiris
2017-01-23 18:17 - 2017-01-23 18:17 - 00008182 _____ C:\Users\nepta\Downloads\OSIRIS-cefc.htm
2017-01-23 18:17 - 2017-01-23 18:17 - 00008182 _____ C:\Users\nepta\Documents\OSIRIS-9db3.htm
2017-01-23 18:17 - 2017-01-23 18:17 - 00000000 ____D C:\Users\nepta\AppData\Local\f1076
2017-01-20 13:52 - 2017-01-23 18:18 - 00000000 ____D C:\Users\nepta\Desktop\Charleston
2017-01-17 14:32 - 2017-01-17 14:39 - 00000000 ____D C:\Users\nepta\Documents\Kitchen
2017-01-15 12:34 - 2017-01-15 12:39 - 00000364 _____ C:\Users\nepta\Downloads\Baked Hash Brown Potatoes
2017-01-12 10:03 - 2017-01-12 10:03 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-01-11 17:15 - 2017-01-23 18:18 - 00000000 ____D C:\Users\nepta\Desktop\My Story
2017-01-10 13:00 - 2017-01-23 18:42 - 00192283 _____ C:\Users\nepta\Desktop\Charleston.pages
2017-01-04 15:48 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-04 15:40 - 2017-01-04 15:40 - 54199488 _____ (Malwarebytes ) C:\Users\nepta\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-04 15:32 - 2017-01-04 15:32 - 00044952 _____ () C:\WINDOWS\system32\Drivers\staport.sys
2017-01-04 15:31 - 2017-01-18 10:01 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-02 14:24 - 2017-01-02 14:24 - 00000000 ____D C:\quardata
2016-12-29 16:27 - 2016-12-29 16:27 - 00033331 _____ C:\Users\nepta\Desktop\hospitals I can go to if need be.mht
2016-12-22 10:09 - 2016-12-12 02:21 - 00109504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-12-22 10:09 - 2016-12-12 01:48 - 00376592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-22 10:09 - 2016-12-12 01:48 - 00165136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-12-22 10:09 - 2016-12-12 01:42 - 00169912 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-22 10:09 - 2016-12-12 01:40 - 00651864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-22 10:09 - 2016-12-12 01:38 - 00068880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-12-22 10:09 - 2016-12-12 01:04 - 01404328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-22 10:09 - 2016-12-12 01:03 - 01270024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-22 10:09 - 2016-12-12 01:03 - 00074848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-12-22 10:09 - 2016-12-12 01:02 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-22 10:09 - 2016-12-12 00:59 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-12-22 10:09 - 2016-12-12 00:55 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-12-22 10:09 - 2016-12-12 00:47 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-12-22 10:09 - 2016-12-12 00:21 - 00101656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-22 10:09 - 2016-12-11 23:47 - 02924032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-22 10:09 - 2016-12-11 23:46 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-22 10:09 - 2016-12-11 23:44 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-12-22 10:09 - 2016-12-11 23:42 - 05094912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-22 10:09 - 2016-12-11 23:39 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-12-22 10:09 - 2016-12-11 23:34 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-22 10:09 - 2016-12-11 23:33 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2016-12-22 10:09 - 2016-12-11 23:31 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2016-12-22 10:09 - 2016-12-11 23:16 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-22 10:09 - 2016-12-11 23:15 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2016-12-22 10:09 - 2016-12-11 22:46 - 05920256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-22 10:09 - 2016-12-11 22:46 - 03599360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-22 10:09 - 2016-12-11 22:24 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2016-12-22 10:09 - 2016-12-11 22:23 - 19456512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-22 10:09 - 2016-12-11 22:21 - 19085312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-22 10:08 - 2016-12-12 02:21 - 01614552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-22 10:08 - 2016-12-12 02:21 - 01353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-22 10:08 - 2016-12-12 02:21 - 01050896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-22 10:08 - 2016-12-12 02:21 - 00910608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-22 10:08 - 2016-12-12 02:21 - 00127760 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-12-22 10:08 - 2016-12-12 01:45 - 02761200 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-22 10:08 - 2016-12-12 01:44 - 01807184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-22 10:08 - 2016-12-12 01:38 - 01095952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-22 10:08 - 2016-12-12 01:38 - 00987408 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-22 10:08 - 2016-12-12 01:38 - 00015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-12-22 10:08 - 2016-12-12 01:23 - 00524560 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-22 10:08 - 2016-12-12 01:03 - 03580928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-22 10:08 - 2016-12-12 01:03 - 00110864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-12-22 10:08 - 2016-12-12 00:51 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2016-12-22 10:08 - 2016-12-12 00:44 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2016-12-22 10:08 - 2016-12-12 00:26 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-12-22 10:08 - 2016-12-12 00:24 - 02311832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-22 10:08 - 2016-12-12 00:23 - 01483352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-22 10:08 - 2016-12-11 23:59 - 01949696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-22 10:08 - 2016-12-11 23:51 - 01533440 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-22 10:08 - 2016-12-11 23:42 - 08642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-22 10:08 - 2016-12-11 23:30 - 24567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-22 10:08 - 2016-12-11 23:16 - 04141056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-22 10:08 - 2016-12-11 23:12 - 24752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-22 10:08 - 2016-12-11 22:25 - 04031488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-21 21:27 - 2016-12-03 09:51 - 00020657 _____ C:\WINDOWS\SysWOW64\license.rtf
2016-12-21 21:27 - 2016-12-03 09:51 - 00020657 _____ C:\WINDOWS\system32\license.rtf
2016-12-21 21:22 - 2016-12-21 21:22 - 00008192 ___SH C:\WINDOWS\system32\config\userdiff.LOG1
2016-12-21 21:22 - 2016-12-21 21:22 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-12-21 21:22 - 2016-12-21 21:22 - 00000000 ___SH C:\WINDOWS\system32\config\userdiff.LOG2
2016-12-21 21:22 - 2016-12-21 21:22 - 00000000 ____D C:\WINDOWS\system32\Microsoft
2016-12-21 21:22 - 2016-12-21 19:28 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-12-21 20:06 - 2016-12-21 20:06 - 00000000 ____D C:\Users\nepta\AppData\Local\DBG
2016-12-21 19:58 - 2016-12-21 19:58 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-21 19:56 - 2016-12-21 19:56 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-12-21 19:54 - 2016-12-21 19:54 - 00000174 ___SH C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-21 19:54 - 2016-12-21 19:54 - 00000020 ___SH C:\Users\nepta\ntuser.ini
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\Templates
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\Start Menu
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\SendTo
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\Recent
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\PrintHood
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\NetHood
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\My Documents
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\Local Settings
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\Cookies
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\Application Data
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\AppData\Local\Temporary Internet Files
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\AppData\Local\History
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default\AppData\Local\Application Data
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Temporary Internet Files
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default User\AppData\Local\History
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Application Data
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\ProgramData\Templates
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\ProgramData\Start Menu
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\ProgramData\Documents
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\ProgramData\Desktop
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 _SHDL C:\ProgramData\Application Data
2016-12-21 19:52 - 2016-12-21 19:52 - 00000000 ____D C:\ProgramData\USOShared
2016-12-21 19:49 - 2016-12-21 19:51 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-12-21 19:49 - 2016-12-21 19:51 - 00007623 _____ C:\WINDOWS\diagerr.xml

41
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 04:40:11 PM »
Here is the Addition:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by nepta (administrator) on WIN-9VDBKK3EQVE (24-01-2017 14:27:19)
Running from C:\Users\nepta\Downloads
Loaded Profiles: nepta (Available Profiles: nepta)
Platform: Windows 10 Pro Insider Preview Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [670992 2016-12-03] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [Xmarks] => C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe [1178680 2014-11-06] (Xmarks.com)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [*yqxemyqtyq<*>] => "C:\Users\nepta\AppData\Local\f1076\0380a.bat" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\MountPoints2: {edf8497a-1cec-11e5-b697-d0df9ade1364} - "J:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-10-26]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6ff00289-07bc-4525-b980-f42fe61bf48b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b032e560-a487-42e4-87fd-5ee82da6afb3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.charter.net/
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> DefaultScope {DC97778D-7A6D-49A2-AD94-DB64E8FCFD01} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> {DC97778D-7A6D-49A2-AD94-DB64E8FCFD01} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-22] (Google Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default [2017-01-24]
CHR Extension: (Google Slides) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-13]
CHR Extension: (Google Docs) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-13]
CHR Extension: (Google Drive) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-13]
CHR Extension: (YouTube) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-13]
CHR Extension: (Google Search) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-13]
CHR Extension: (Adobe Acrobat) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-20]
CHR Extension: (Google Sheets) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2255064 2015-08-27] (Broadcom Corporation.)
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [785920 2016-12-03] (Microsoft Corporation)
S3 DevicesFlowUserSvc_53d50; C:\WINDOWS\system32\svchost.exe [41856 2016-12-03] (Microsoft Corporation)
S3 DevicesFlowUserSvc_53d50; C:\WINDOWS\SysWOW64\svchost.exe [35128 2016-12-03] (Microsoft Corporation)
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [289280 2016-12-03] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [67584 2016-12-03] (Microsoft Corporation)
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [226304 2016-12-03] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\System32\Windows.Graphics.Internal.Printing.Workflow.dll [164352 2016-12-03] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\SysWOW64\Windows.Graphics.Internal.Printing.Workflow.dll [122880 2016-12-03] (Microsoft Corporation)
R3 PrintWorkflowUserSvc_53d50; C:\WINDOWS\system32\svchost.exe [41856 2016-12-03] (Microsoft Corporation)
R3 PrintWorkflowUserSvc_53d50; C:\WINDOWS\SysWOW64\svchost.exe [35128 2016-12-03] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-26] (Realtek Semiconductor)
R2 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [192272 2016-12-03] (Microsoft Corporation)
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1231360 2016-12-03] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3385120 2016-12-03] (Microsoft Corporation)
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [1177600 2016-12-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [349632 2016-12-03] (Microsoft Corporation)
R2 WebUpdate4; C:\WINDOWS\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [547840 2016-12-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [97032 2016-12-03] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1270784 2016-12-03] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2015-08-27] (Broadcom Corporation.)
R2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [225792 2016-12-03] (Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 mausbhost; C:\WINDOWS\System32\drivers\mausbhost.sys [266000 2016-12-03] (Microsoft Corporation)
S3 mausbip; C:\WINDOWS\System32\drivers\mausbip.sys [45840 2016-12-03] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [104960 2016-12-03] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys [13754936 2016-08-24] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [98304 2016-12-03] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2016-12-03] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [26896 2016-12-03] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-07-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-22] (Synaptics Incorporated)
S3 SpatialGraphFilter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [30480 2016-12-03] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [40768 2016-12-03] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [285968 2016-12-03] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117008 2016-12-03] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [206336 2016-12-03] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys B6B5715C00CDAF6EA8FCE10192C0DD60
C:\WINDOWS\System32\drivers\3ware.sys 875409FBC36CA23E29CB374297521777
C:\WINDOWS\System32\drivers\ACPI.sys 95336F4BCB3A656F12EE4416D52C3CE0
C:\WINDOWS\System32\drivers\AcpiDev.sys 3A632ABDB610D7A5F67D6BD9008DADD3
C:\WINDOWS\System32\Drivers\acpiex.sys D8BE8561D707673B733D9F4766E3824B
C:\WINDOWS\System32\drivers\acpipagr.sys D8913EDFFBFAF0A1F0167868059A23AB
C:\WINDOWS\System32\drivers\acpipmi.sys BB6E0D8E9A3CAE0BB3C2EF25F5FF1023
C:\WINDOWS\System32\drivers\acpitime.sys 97589768A7EC21C5774128B285C3F921
C:\WINDOWS\System32\drivers\ADP80XX.SYS 31530EEA17C1014C23C2E33E4292C3FF
C:\WINDOWS\system32\drivers\afd.sys 217DD7520639EF4AD4E15CDA0ECB4A3E
C:\WINDOWS\System32\DRIVERS\ahcache.sys 2776F121DFB81C3894331DF5093736D1
C:\WINDOWS\System32\drivers\amdk8.sys 22D6FDBBF1963C80534EAD13C9F3AE18
C:\WINDOWS\System32\drivers\amdppm.sys 9FC614D6962567A7E1950E136A388678
C:\WINDOWS\System32\drivers\amdsata.sys F2C0602DE431E8AD783F66CD9CEFB728
C:\WINDOWS\System32\drivers\amdsbs.sys 1556369EAEAF5E534CD67D445829925A
C:\WINDOWS\System32\drivers\amdxata.sys A6BAEFC3A4B4AED1F8130F27D4F5E370
C:\WINDOWS\System32\drivers\appid.sys 9A15CB990F7BAA046632DB21AFAA1BC4
C:\WINDOWS\System32\drivers\applockerfltr.sys C3D21A9CE7397931566A7781EB97E5F8
C:\WINDOWS\system32\drivers\AppvStrm.sys 4645CC07F4B2A034384E82CCDA905573
C:\WINDOWS\system32\drivers\AppvVemgr.sys E397604A8B0A5ED7D960C68E618817A4
C:\WINDOWS\system32\drivers\AppvVfs.sys 13D8FEC773D0D3234B5B2789030D6B75
C:\WINDOWS\System32\drivers\arcsas.sys 968443EAC4643519ADFA713B42ED414C
C:\WINDOWS\System32\drivers\asyncmac.sys C11B04E361FCE65D9730B25B4EA86E72
C:\WINDOWS\System32\drivers\atapi.sys BC39F6DF7FD82AD5E8FF5EFBC3882130
C:\WINDOWS\System32\drivers\bxvbda.sys BEC4B9C505737EAFF327CFB5CBD76048
C:\WINDOWS\System32\drivers\BasicDisplay.sys 718C5E816C288B9C426718B9D8A9C883
C:\WINDOWS\System32\drivers\BasicRender.sys 13B89D39D2EBDCC2EDF066BF0EABE2E9
C:\WINDOWS\system32\drivers\bcbtums.sys F8FE7E12F8151E0A17C23CF840599F9A
C:\WINDOWS\system32\DRIVERS\bcmwl664.sys FDE8C8DC07E75347E4C6B455A0964217
C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7
C:\Windows\System32\Drivers\Beep.sys 4635413B72423030CF6962DCFD078430
C:\WINDOWS\System32\DRIVERS\bowser.sys 9DFD75818DD3FDD3E989BADD749996B0
C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 2536718E0B1D168BC1283032163A97B3
C:\WINDOWS\System32\drivers\BthEnum.sys DDEBAE05DC7AC00B47E8C9F19217AEAE
C:\WINDOWS\System32\drivers\bthhfenum.sys ED60A6ECD139BCEF3DD6170489FD5184
C:\WINDOWS\System32\drivers\BthHFHid.sys E39D84CC157AD271560E83C4C1F0B102
C:\WINDOWS\System32\drivers\bthmodem.sys 8C9492F148DFC92AD1683013CA52EB53
C:\WINDOWS\System32\drivers\bthpan.sys 4B097C3C8300C08875768E0D472AB3CB
C:\WINDOWS\system32\DRIVERS\BTHport.sys 437F5778BF1A0F14E56A4D9892B51950
C:\WINDOWS\system32\DRIVERS\BTHUSB.sys 6351C549E5E41C8C6D77926AFA91EA4C
C:\WINDOWS\system32\DRIVERS\btwampfl.sys BC279FCEE9FC8CBF991D5DE539771AA9
C:\WINDOWS\System32\drivers\buttonconverter.sys 841C2C25A31E1ECCE8D7B808522A8CF6
C:\WINDOWS\System32\drivers\capimg.sys 1534B7D9B3B1459E6D0D7941FB47208B
C:\WINDOWS\System32\DRIVERS\cdfs.sys 00F971E30B396F9B5D93A56828D96917
C:\WINDOWS\System32\drivers\cdrom.sys 3326B6FDAD21619AB0FE860158D01D42
C:\WINDOWS\System32\drivers\cht4sx64.sys 6A4453CD310F86CC34E8F011E8C9D2FA
C:\WINDOWS\System32\drivers\cht4vx64.sys C4AE64F58E33B3F2093002F410388980
C:\WINDOWS\System32\drivers\circlass.sys E24A0C159528B3B0C49212F7971B5723
C:\WINDOWS\System32\drivers\cldflt.sys A8EBE359474FDF6ABBAF81BA62657042
C:\WINDOWS\System32\drivers\CLFS.sys DCF7D8A57B05656A833657E1D1755C30
C:\WINDOWS\System32\drivers\registry.sys 443B5094DEC7EC7FF40B6C326B26A312
C:\WINDOWS\System32\drivers\CmBatt.sys 14E734125C318DC506479E3A5C1BE0F5
C:\WINDOWS\System32\Drivers\cng.sys A6D7985026AE7D9F0B0097E4A3CF6768
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys 06C1D9A26A9F3E02A513CFF40F719C50
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_f06bcc22f978b867\CompositeBus.sys 1DD6C63B2E0FC1A3E455FB529607CD64
C:\WINDOWS\System32\drivers\condrv.sys 023B6318EA32B936155DE481ABA24962
C:\WINDOWS\System32\drivers\csc.sys 46EA67C969153A3BB1BA3928EBEC0995
C:\WINDOWS\System32\drivers\dam.sys C4613B7DAA6FC3CFA7C490BEE247C157
C:\WINDOWS\System32\drivers\dc3d.sys A4700D1F78539C0ED32FA50E64F9C692
C:\WINDOWS\System32\Drivers\dfsc.sys BDBB66C12EF1BE875ACA3AFD4B2ECC72
C:\WINDOWS\System32\drivers\disk.sys 5B365E6526128C5E86DB99B10AB966B6
C:\WINDOWS\System32\drivers\dmvsc.sys 93700A6E954248CAFCF3CCA1C5749867
C:\WINDOWS\system32\DRIVERS\drmkaud.sys 7D6FF0451F078AB756A11509558BCE7C
C:\WINDOWS\System32\drivers\dxgkrnl.sys 549A202BCF0B53B2969EA856E055900C
C:\WINDOWS\System32\drivers\evbda.sys D940068F290A8121A07C8C24A1BB19F1
C:\WINDOWS\System32\drivers\EhStorClass.sys 6B404F92034152BA0B1DC9A55F0649E4
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys 875505AD1ADF8EECA073CCABAAA1526C
C:\WINDOWS\System32\drivers\errdev.sys 4DBA7C262EED0B87AD67771B6DE1E03C
C:\WINDOWS\system32\drivers\mbae64.sys 4D7F3114147C31390262F19F74E5BF07
C:\Windows\System32\Drivers\exfat.sys F7F83B31733860E3E9E34F7C96D291D7
C:\Windows\System32\Drivers\fastfat.sys 1161C5EDFF4BF8A4319FC144172C458E
C:\WINDOWS\System32\drivers\fdc.sys B5F2F1F61B9A8534708F43954D526481
C:\WINDOWS\System32\drivers\filecrypt.sys B3CD1CFC649E1A3298FB8D99D464045D
C:\WINDOWS\System32\drivers\fileinfo.sys 0C75FC03C55CA6D26F6F027EFCC73769
C:\WINDOWS\System32\drivers\filetrace.sys 70EAC8A8C13E69EC5DF6B344B21EA24D
C:\WINDOWS\System32\drivers\flpydisk.sys 627A07E4CF086632BBB325588EDAC0AD
C:\WINDOWS\System32\drivers\fltmgr.sys AC56045957799AC1C8EB9CEC641D6147
C:\WINDOWS\System32\drivers\FsDepends.sys 6F73FE32863AA4F0B9222389D6A8E044
C:\Windows\System32\Drivers\Fs_Rec.sys 3EC807A07934C95077E62C6EA2A06636
C:\WINDOWS\System32\DRIVERS\fvevol.sys BF70A88CCF6DF97DDEFB375C56E8492D
C:\WINDOWS\System32\drivers\vmgencounter.sys B634E32D9894147B5E05DF781BA2EBAA
C:\WINDOWS\System32\drivers\genericusbfn.sys B836FCD5C45BB4B95EE5AF02A75FBDDD
C:\WINDOWS\System32\Drivers\msgpioclx.sys 0014F0AAAF2D666C569DC3AA2FF7DD45
C:\WINDOWS\System32\drivers\gpuenergydrv.sys B085C3B3256463356B1EFB2574173282
C:\WINDOWS\System32\drivers\HDAudBus.sys AD1082CB4FE6AE6D163FE6B92E6B4BC8
C:\WINDOWS\System32\drivers\HidBatt.sys E18BB39E08874EEC7D2B9E34FDA09FF6
C:\WINDOWS\System32\drivers\hidbth.sys FFFC6F090DA53EBD38A0CAC61B0F3FAC
C:\WINDOWS\System32\drivers\hidi2c.sys 8F4B64D8AE358A50B3B31F934ED6A241
C:\WINDOWS\System32\drivers\hidinterrupt.sys 809F0A23BBD32641012953DF5A1CE27A
C:\WINDOWS\System32\drivers\hidir.sys A78FDE4C933EA4C667BA5E42C2E8A1B1
C:\WINDOWS\System32\drivers\hidusb.sys 61C3E77887741C6800A2BB6BC4589909
C:\WINDOWS\System32\drivers\HpSAMD.sys FC822C522317C49CAF67013F2750F17B
C:\WINDOWS\System32\drivers\HTTP.sys B32F5042676694CF6E0411D501EC9B9D
C:\WINDOWS\System32\drivers\hvservice.sys A9F9A493C8C68EA94E607902B28A392D
C:\WINDOWS\System32\drivers\hwpolicy.sys 25DED6F0F6F13B7D97DD1390C7F22774
C:\WINDOWS\System32\drivers\hyperkbd.sys F861829049889EEA6EAFB02D1153732F
C:\WINDOWS\System32\drivers\i8042prt.sys 10E4EFB8E9EB9BC677582CE72FE7C826
C:\WINDOWS\System32\drivers\iagpio.sys C6B8743B213F06AA60943D8366FE968F
C:\WINDOWS\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 5A0E850F8CD17791A3E6A3CF81D0CA28
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 7508F1096803385D6376BFD0BD473AC4
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys 32FEF09BB643359B2DEEECF66F8708A7
C:\WINDOWS\System32\drivers\iaStorV.sys 914AA50F695598D85CD8256FD1AE960C
C:\WINDOWS\System32\drivers\ibbus.sys AF9B316F26E46D0830919CFCD2AB6FC3
C:\WINDOWS\System32\drivers\IndirectKmd.sys C18F478D8EA5BD8487250BCAC6C551B3
C:\WINDOWS\system32\drivers\RTKVHD64.sys 622868E4BAE8FBCD22CB1A5901A2C824
C:\WINDOWS\System32\drivers\intelide.sys A2705BE3B67CCFCF6D28DD5BAE57B5F8
C:\WINDOWS\System32\drivers\intelpep.sys 6F4517610E2889C578759DBDE9C44356
C:\WINDOWS\System32\drivers\intelppm.sys 16CFC91A9A0B11F1116FC72FC41E135A
C:\WINDOWS\System32\drivers\iorate.sys F1D847EFB9543A115911F19956B7BD3C
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 90B5AF4E960EE80F5CFEB43B5F8768E7
C:\WINDOWS\System32\drivers\IPMIDrv.sys 1E0B4530D1E44F4397B4BB1175D2CD70
C:\WINDOWS\System32\drivers\ipnat.sys 1C130E6E94B89DA57B35D20A36F5CC6B
C:\WINDOWS\system32\drivers\irda.sys DEB565D690F5D6F88F02CBCAE31A6E97
C:\WINDOWS\System32\drivers\irenum.sys 8A76A5A0AA00378BAE36A84C914B5BD7
C:\WINDOWS\System32\drivers\isapnp.sys 25F1B9685BB538F53E729882BA0F48B1
C:\WINDOWS\System32\drivers\msiscsi.sys 32E401731761379FC51BA90C7CF35FE3
C:\WINDOWS\System32\drivers\kbdclass.sys C87CEBC21AAB4BFD6B47097D5E94DE18
C:\WINDOWS\System32\drivers\kbdhid.sys AE7D99D84F1A1EB6E32D5BB7229F88C6
C:\WINDOWS\System32\drivers\kdnic.sys 8EA16E8BEC49D6C045C28838CFEE6279
C:\WINDOWS\System32\Drivers\ksecdd.sys BB10E8405232B48A8E9ED82159D7236C
C:\WINDOWS\System32\Drivers\ksecpkg.sys F35B5ADE0858AFC13EB92B09A0536AFC
C:\WINDOWS\system32\drivers\ksthunk.sys 0EB4F71957F4BFB33DE4DEC9453A4E3E
C:\WINDOWS\System32\drivers\lltdio.sys 01752F1B760656EBF1B0C4A80205098F
C:\WINDOWS\System32\drivers\lsi_sas.sys A79C806DF3DAE4A385E63D7DC27D7313
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 0E904AFB58B956D72DDD25FE48545CA2
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 04B6B6746EAD66521F021FA267A0D555
C:\WINDOWS\System32\drivers\lsi_sss.sys E08CD60062BEF59149CDBC579CC3B483
C:\WINDOWS\system32\drivers\luafv.sys 6265EAF9AE76D31C64CED58883EA021B
C:\WINDOWS\System32\drivers\mausbhost.sys B0EF5FCC4237E9FE485BE88257018C50
C:\WINDOWS\System32\drivers\mausbip.sys EBD6159C8F7D9AEC041F74851EF49A44
C:\WINDOWS\System32\drivers\megasas.sys 738A822D8ADC4FF1A2D8911AF08F59B2
C:\WINDOWS\System32\drivers\MegaSas2i.sys A886AA5C5CB14F23CA7ED0D3E497E369
C:\WINDOWS\System32\drivers\megasr.sys 67F7CE18F38F8CA31E7F6A42649ED4F8
C:\WINDOWS\System32\drivers\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\WINDOWS\System32\drivers\mlx4_bus.sys 9B3C67248229D35B2238B1B763A42EA4
C:\WINDOWS\system32\drivers\mmcss.sys 30FC7CA681F154F460BAE577C14F0DB2
C:\WINDOWS\System32\drivers\modem.sys BE1F753C48FC23B93BDABCCA320DE81E
C:\WINDOWS\System32\drivers\monitor.sys 3FC3EFE54A6C2C9F6D3FDD6539C4BB26
C:\WINDOWS\System32\drivers\mouclass.sys A400E64627BC1505EA2F2CDBFC86FAB3
C:\WINDOWS\System32\drivers\mouhid.sys AD5A4D65A968AEBCAAD05454F7BFE96A
C:\WINDOWS\System32\drivers\mountmgr.sys 05840C86A221C2A7E6755AB145366EB2
C:\WINDOWS\System32\drivers\mpsdrv.sys B5D78625FD7DBF065B0C5B1406DC0384
C:\WINDOWS\system32\drivers\mrxdav.sys B9919496D6DCFFAB2A77C929AD287613
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys B572A4275354104AFC02DAB009E5B4F6
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys B04B378637F655DA09F0E23B170D47A4
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 1ABDF9C902B027C2C2E6686FAE96173D
C:\WINDOWS\System32\drivers\bridge.sys 4FB1266788E8E08570655521791466C8
C:\Windows\System32\Drivers\Msfs.sys 0261F991B8FE3BE5864FC0C6BF27CC0C
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6D1E26845AC230E09CBB0B8409072509
C:\WINDOWS\System32\drivers\mshidkmdf.sys 7C095521AE1BD263FF8F2BCF81492C1B
C:\WINDOWS\System32\drivers\mshidumdf.sys A723C5C371495DEF4FBC2BB8826DBEF7
C:\WINDOWS\System32\drivers\msisadrv.sys D2C2193399B1CF395DE8DBC72AFD4762
C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys AF3B513D4AF183DC05DDE30E155AC9D1
C:\WINDOWS\System32\drivers\mslldp.sys 5D82D59B7CB42D5BB7CB90D4E26A37E4
C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys 80940E4E2D69C5F2EC765FF096D27062
C:\WINDOWS\system32\DRIVERS\MSPQM.sys CD1EA1109A70F207EBF2FD2D03314DD9
C:\Windows\System32\Drivers\MsRPC.sys 7F049F7F19F8376FC36D76A64B41A017
C:\WINDOWS\System32\drivers\mssecflt.sys 203F2FB1B247D732B7106239C954E851
C:\WINDOWS\System32\drivers\mssmbios.sys D4922AA75C7022C38D113FD235384A4F
C:\WINDOWS\system32\DRIVERS\MSTEE.sys F79CA7DD2CD9C9D9B91C450F1C7321B2
C:\WINDOWS\System32\drivers\MTConfig.sys 5C5F6CA9C06981C8099F7B299E89CF32
C:\WINDOWS\System32\Drivers\mup.sys 7E1E28C38F1BA8F0C79C29A9E155A90A
C:\WINDOWS\System32\drivers\mvumis.sys 014979DF493D1371FC9AFC8012DC0545
C:\WINDOWS\System32\DRIVERS\nwifi.sys 531A48B861C8F999E9749F4DE0171841
C:\WINDOWS\System32\drivers\ndfltr.sys EAE693008ED94FBF5FE1A73220E9A8C8
C:\WINDOWS\System32\drivers\ndis.sys E03308F839E2753CE6494DFF3BAD500B
C:\WINDOWS\System32\drivers\ndiscap.sys 0DAE7E8D362CE0097CF40DA32283FDB9
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 5B6D6225F69BAA58C765CB65EEF43A1E
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 2EBB613CD5743A6A49236E823F4053AC
C:\WINDOWS\System32\drivers\ndisuio.sys 076A1A0A0F18D6D003BB79F32097412B
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 7AF21637D3C55524A4D8FE858D9194AA
C:\WINDOWS\System32\drivers\ndiswan.sys BB02978ADE135A9FA5C440577C186BFE
C:\WINDOWS\System32\DRIVERS\ndiswan.sys BB02978ADE135A9FA5C440577C186BFE
C:\WINDOWS\System32\DRIVERS\NDProxy.sys DD0DDA216AFE98F51BB0DCBF68B93063
C:\WINDOWS\System32\drivers\Ndu.sys 2BB247904B1A1A95F77D34E785BFBD49
C:\WINDOWS\System32\drivers\NetAdapterCx.sys 43B86F4F98DC6C6E942304FB360AC316
C:\WINDOWS\System32\drivers\netbios.sys 2E25D3C2E1F3FF75F489009988120CA2
C:\WINDOWS\System32\DRIVERS\netbt.sys 12641C55E0E7C5D2268A9826E362D818
C:\Windows\System32\Drivers\Npfs.sys 92FF25B3FCE4FB33DD4A3B797758E524
C:\WINDOWS\System32\drivers\npsvctrig.sys 1E114C1228585073A23FA11486ACE810
C:\WINDOWS\System32\drivers\nsiproxy.sys E043F6560A2C8C1D1FFD4B51670057F5
C:\Windows\System32\Drivers\NTFS.sys 012905E46BD1FAEDC5DA2DC24CC5865B
C:\Windows\System32\Drivers\Null.sys 08A773F4D6C0C8C1A6E1FD8BB4765BB1
C:\WINDOWS\system32\drivers\nvhda64v.sys 705386E3D1D814B974FFA4BE996C2B19
C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys CC2128714FAF80CBE743C2BE2FC8D5DF
C:\WINDOWS\System32\drivers\nvraid.sys 167F46E17590CF61A0BCE89DFFF360A7
C:\WINDOWS\System32\drivers\nvstor.sys 55E3079ACED5A68E845623A2776CDA02
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 60C9EC53F9CFBFBE38E9C79B88A6B19F
C:\WINDOWS\system32\drivers\nvvad64v.sys 35DFC12FD7E44B7CB8CCD7E5A2B3975A
C:\WINDOWS\System32\drivers\parport.sys 2925C723017C8445E8646678C28CFACE
C:\WINDOWS\System32\drivers\partmgr.sys 3E02EEB83F84896E38CC49E2E9588350
C:\WINDOWS\System32\drivers\pci.sys AD6F3A9765BD338CDB650A4BFE2B2CEA
C:\WINDOWS\System32\drivers\pciide.sys D9D3431CCD13BBD40B999EF1831FD665
C:\WINDOWS\System32\drivers\pcmcia.sys 2C7FF889F326AE2CF5010A3AB7D51CC7
C:\WINDOWS\System32\drivers\pcw.sys E2B6F68067142CA8CD72706278CD31CB
C:\WINDOWS\System32\drivers\pdc.sys 4F9E0A266C6CF21006979E4EB9D984EB
C:\WINDOWS\System32\drivers\peauth.sys 8512FBA31C6CFCD5BD27F4E7DD97E885
C:\WINDOWS\System32\drivers\percsas2i.sys FB21E4CE28062F467C763FA9DED65A1A
C:\WINDOWS\System32\drivers\percsas3i.sys F029FE8E9A4CF37AE4A88B6FDC40D7C5
C:\WINDOWS\System32\drivers\pmem.sys 928DB776F95A674E78ECDF73AA69C0F3
C:\WINDOWS\System32\drivers\raspptp.sys E499A4CDF79A43C7859071C2A019ABD9
C:\WINDOWS\System32\drivers\processr.sys 0698E158307B39E789B72F24761EE6BC
C:\WINDOWS\System32\drivers\pacer.sys 1558C63AA19AD27BB4A629A50E6D2608
C:\WINDOWS\system32\drivers\qwavedrv.sys 068B1CF6A6D3B8D056C88887AEC5B282
C:\WINDOWS\System32\DRIVERS\rasacd.sys 20640EE38085414F696581C8D7B365EB
C:\WINDOWS\System32\drivers\AgileVpn.sys 6BED76071338740585A37AF937340934
C:\WINDOWS\System32\drivers\rasl2tp.sys 8F077329CD1A4F6EAD50C9D9D5CD5034
C:\WINDOWS\System32\DRIVERS\raspppoe.sys CACE4D4673E9BA77F2C07E549F2189CB
C:\WINDOWS\System32\drivers\rassstp.sys 9498178B4481D1079D507A3385ED35B4
C:\WINDOWS\System32\DRIVERS\rdbss.sys C04C096DF6E45148C02FA30E1D68FF04
C:\WINDOWS\System32\drivers\rdpbus.sys 6DE67E8A3039E1B64D637B16D114EC95
C:\WINDOWS\System32\drivers\rdpdr.sys 62275196A6C88985F9AC6C107FDB01FF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 1A3841ED296BB396C66C0A17E6D7DE8C
C:\WINDOWS\System32\drivers\rdyboost.sys 6F0382CEB29982B328F0E0FD7F996872
C:\Windows\System32\Drivers\ReFSv1.sys 599C3BDDF8477106F6E2F88B94C8B9A5
C:\WINDOWS\System32\drivers\rfcomm.sys E0B672E986F8550E3AC6C27510A3F6F6
C:\WINDOWS\System32\drivers\rspndr.sys 43B1CA9B33BDC2F1437F6ADD93516FC5
C:\WINDOWS\System32\drivers\rt640x64.sys AB7C0639DF052528C2CB06D0EAE115EC
C:\WINDOWS\System32\drivers\vms3cap.sys 4CC386DC5C3495BF837368A9D279D562
C:\WINDOWS\System32\drivers\sbp2port.sys E8490BF2C3E83FE8428F6FD5CF8360F1
C:\WINDOWS\System32\DRIVERS\scfilter.sys E280477F80D08A5835F3549DCF561490
C:\WINDOWS\System32\drivers\scmbus.sys 2F71968C12A7AFBEC62285BC9D6E3D55
C:\WINDOWS\System32\drivers\sdbus.sys 6A7433CE0071F0A171456613CBFD2817
C:\WINDOWS\System32\drivers\SDFRd.sys 26D76101B30E33DF3D2ED598776FD942
C:\WINDOWS\System32\drivers\sdstor.sys D8B200F1E1355088F160658261D8E72C
C:\WINDOWS\System32\drivers\SerCx.sys A6ABADF8AFECB9611A057EF53DE0AD8E
C:\WINDOWS\System32\drivers\SerCx2.sys 32F45508C994968075AD9A1B708B3A9C
C:\WINDOWS\System32\drivers\serenum.sys 8EAE634879262ABCA59C3EA6596CD240
C:\WINDOWS\System32\drivers\serial.sys 2B8B5CA027B4B338AD28AA34AD38F69F
C:\WINDOWS\System32\drivers\sermouse.sys 370344596044213E4FA42099B96BAD3B
C:\WINDOWS\System32\drivers\sfloppy.sys 96318788468672BFD67E75FD8C24FB79
C:\WINDOWS\System32\drivers\SiSRaid2.sys 7BC97CD775A4D1C6BB4EF5B657798690
C:\WINDOWS\System32\drivers\sisraid4.sys 8E49013D06FBEB7531B2922206D069F0
C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys C584D941C2F915B27FAEE9B407744641
C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 8A6571231D93C08434A56E19E33A35CB
C:\WINDOWS\System32\drivers\spaceport.sys 58719C907CEFAA0BE2CFA1423A251FE9
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys 9D32663DDDDA8A8BD717ABFF89093F9A
C:\WINDOWS\System32\drivers\SpbCx.sys 06C9DFCC4E40FBBC0CE2B977BB1000DE
C:\WINDOWS\System32\DRIVERS\srv.sys C68D9F5492A01132B5CA53FE5062128E
C:\WINDOWS\System32\DRIVERS\srv2.sys 5595589455D9F3E4790021F51DB0893C
C:\WINDOWS\System32\DRIVERS\srvnet.sys E77E4A6B29A897A39F97CCBDF81EB700
C:\WINDOWS\System32\drivers\stexstor.sys A132FD7C7339648CF4429EA79BE8346B
C:\WINDOWS\system32\DRIVERS\serscan.sys 57119780A42B5E364065310E94522D2D
C:\WINDOWS\System32\drivers\storahci.sys 2179E507BAF874D7221F1C869A10DE33
C:\WINDOWS\System32\drivers\vmstorfl.sys EB4996D50E108AB4B9F74D14B13205DB
C:\WINDOWS\System32\drivers\stornvme.sys 9EAE58FB4026EC686620D73AC25ED4A1
C:\WINDOWS\System32\drivers\storqosflt.sys 448D59AE6060D1F799738C4E06522243
C:\WINDOWS\System32\drivers\storufs.sys B33FFB7BC1834724CF16C1B27B413ED7
C:\WINDOWS\System32\drivers\storvsc.sys 5F4715C5159296DCE43D6196DBBFDBA7
C:\WINDOWS\System32\drivers\swenum.sys C4B244287121CB158BD674ECCB45F8F5
C:\WINDOWS\System32\drivers\Synth3dVsc.sys 42BB0E1CFE497D09F5758F4FC900573C
C:\WINDOWS\System32\drivers\tcpip.sys 4D9D24AB87B8119CDBED2A12B2A0F095
C:\WINDOWS\System32\drivers\tcpip.sys 4D9D24AB87B8119CDBED2A12B2A0F095
C:\WINDOWS\System32\drivers\tcpipreg.sys 1ADEB608E059B37280C7D17F4F09DA37
C:\WINDOWS\system32\DRIVERS\tdx.sys D508F0FE80E6F59D022B426C60795E49
C:\WINDOWS\System32\drivers\terminpt.sys 0DE58AE90E69A196A7571B875A2AB8DE
C:\WINDOWS\System32\drivers\tpm.sys 8E5712E9D65316D999772EB13415C20F
C:\WINDOWS\System32\drivers\tsusbflt.sys 8DDEA98ACA8E03F71F666466FA17A81A
C:\WINDOWS\System32\drivers\TsUsbGD.sys B99F97056B726D8A9F582020E27861CF
C:\WINDOWS\System32\drivers\tsusbhub.sys 310CC5A9E6FDDD268D6C677B89AAFC2B
C:\WINDOWS\System32\drivers\tunnel.sys 30EC43B7776AF44BB1AFC6BE112EF089
C:\WINDOWS\System32\drivers\uaspstor.sys 0954B446EA35655C9727A8113ADAA1AD
C:\WINDOWS\System32\Drivers\UcmCx.sys 3DBDBFE349B5B577218825C3F52D8168
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 752A47B3F73FA656D11669CCD606D158
C:\WINDOWS\System32\drivers\UcmUcsi.sys AE31318FA016E346EE987BBBDEFA7B57
C:\WINDOWS\System32\drivers\ucx01000.sys 6D6D06DB7D994CCE6DDD968FD1532EFA
C:\WINDOWS\System32\drivers\udecx.sys 9DBCA53B2C2F94DC2C9A806752433923
C:\WINDOWS\System32\DRIVERS\udfs.sys 74F73DE6E9D1EB5AD11E053F2B3FA18B
C:\WINDOWS\System32\drivers\UEFI.sys 7C9B307F84B41692044EFECB5467EF96
C:\WINDOWS\system32\drivers\UevAgentDriver.sys EB2867BF0CBCFE2D74BC0FC70A1606C5
C:\WINDOWS\System32\drivers\ufx01000.sys E6FCBE7C9BD4A0FB2F692F1919D4B8C9
C:\WINDOWS\System32\drivers\UfxChipidea.sys A6A16F7A5AFCEE786460843D536A9F54
C:\WINDOWS\System32\drivers\ufxsynopsys.sys 2719170C42543484884180F832930557
C:\WINDOWS\System32\drivers\umbus.sys 7CB8B57B6523B9065E9DCFA25D83C8CB
C:\WINDOWS\System32\drivers\umpass.sys DAD50661FBF85D0CE3BFE6B89196D4E2
C:\WINDOWS\System32\drivers\urschipidea.sys 45360850AC69499211FD75ADAD91AB1C
C:\WINDOWS\System32\drivers\urscx01000.sys 0125761BEE90D1D6D55A215EDC6E445A
C:\WINDOWS\System32\drivers\urssynopsys.sys EB66E8CFEFBE5D1289CC550CCC01DCD6
C:\WINDOWS\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\WINDOWS\System32\drivers\usbccgp.sys EDB6BA8FEB162B6C5CCE093202473A14
C:\WINDOWS\System32\drivers\usbcir.sys 9B29694B23A00B3F4F57A43BA6505DF8
C:\WINDOWS\System32\drivers\usbehci.sys 7B4FE03651D611CD60489F95D8432524
C:\WINDOWS\System32\drivers\usbhub.sys E073593D0D3B28FEC2B4D38FD9ED5435
C:\WINDOWS\System32\drivers\UsbHub3.sys 9467B95BA82906B8DCA3B056AEE611AA
C:\WINDOWS\System32\drivers\usbohci.sys 6F57F59FAF195FF0EF02C26055AA3E29
C:\WINDOWS\System32\drivers\usbprint.sys A11654FDD04C9411884AFE7D90984921
C:\WINDOWS\System32\drivers\usbser.sys 790CF59C26CAF066C116CE3EB599F77D
C:\WINDOWS\System32\drivers\USBSTOR.SYS F6D95B2B2390ED2081657094740B488D
C:\WINDOWS\System32\drivers\usbuhci.sys 591202AC0B9A95061FC8D5F3E7804758
C:\WINDOWS\System32\drivers\USBXHCI.SYS 9FC9564AE9D24E01F97EFF2FCD52955E
C:\WINDOWS\System32\drivers\vdrvroot.sys 5AB1EBA528554BF6F30E0BB008239B33
C:\WINDOWS\System32\drivers\VerifierExt.sys DBD18035920A8D1E627F889D23E5AD1D
C:\WINDOWS\System32\drivers\vhdmp.sys A36FA9AA3F7E101DB606E73E030FBF7F
C:\WINDOWS\System32\drivers\vhf.sys CA25A82C98DE77B5E49586910F324288
C:\WINDOWS\System32\drivers\vmbus.sys 0C623C4965DC2DF4CC91A037CE5D73EF
C:\WINDOWS\System32\drivers\VMBusHID.sys F9B1D0146C9033D941FB65C9C040CE85
C:\WINDOWS\System32\drivers\vmgid.sys 50C1B4D7B7CE6E8F28E8A5AD931CAC94
C:\WINDOWS\System32\drivers\volmgr.sys 8CC96218A69A62C3B31BE2057B2F41F3
C:\WINDOWS\System32\drivers\volmgrx.sys 49918D35612CCD1C231AED13BEE085DA
C:\WINDOWS\System32\drivers\volsnap.sys D4940069222A8933334E93EEB54DD7C0
C:\WINDOWS\System32\drivers\volume.sys E37562651E0F51E7ECBB89CA4BA21920
C:\WINDOWS\System32\drivers\vpci.sys 55182CDC6521EEC067E675EB43578DE0
C:\WINDOWS\System32\drivers\vsmraid.sys 0F0D4AEFB0AF6657A5FA2794DCB7C058
C:\WINDOWS\System32\drivers\vstxraid.sys CD9097571AF259A21FCB618259F94EB5
C:\WINDOWS\System32\drivers\vwifibus.sys D2C7ADB2D659265C0D96DCED5C89825B
C:\WINDOWS\System32\drivers\vwififlt.sys B8861050E4BB7F448D94AD2F0A6C6833
C:\WINDOWS\System32\drivers\vwifimp.sys ED92C45E0E91BF4F2FCB6F3524404837
C:\WINDOWS\System32\drivers\wacompen.sys F603604F23B6871042238ACDDAD6F6CE
C:\WINDOWS\System32\DRIVERS\wanarp.sys 41FEFED24ECEB5FDC1B0767AC98582F6
C:\WINDOWS\System32\DRIVERS\wanarp.sys 41FEFED24ECEB5FDC1B0767AC98582F6
C:\WINDOWS\system32\drivers\wcifs.sys 14704C95C2B8A5F7EDA9248FD373D509
C:\WINDOWS\system32\drivers\wcnfs.sys 1E2369802053928A0691FEA7EAA53D9E
C:\WINDOWS\System32\drivers\WdBoot.sys 9A1277BABCE45257F71306D6EBF8BB5F
C:\WINDOWS\System32\drivers\wdcsam64.sys A556768CC1FA4F36022BEE2F0EDE2566
C:\WINDOWS\System32\drivers\Wdf01000.sys 128C8DA9796B4E5E662BEA89A50265A0
C:\WINDOWS\System32\drivers\WdFilter.sys 5AACBDEF1A0766DC785300E2D7339E49
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys AE9C1C222016EF8C80A517F08F4FCFEE
C:\WINDOWS\System32\Drivers\WdNisDrv.sys D913F8FD2D4733257F118A1CC0A97A08
C:\WINDOWS\System32\drivers\wfplwfs.sys 9A306B5FA7CBCD427016AC1807B18CEC
C:\WINDOWS\System32\drivers\wimmount.sys 7690DBB9D8D63792A27661F96B91D287
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys A9B63B5B4C5FE7E85BEC9D6180D2A50D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 7231CBFBBE0F45B8E1D35AE35153DE8E
C:\WINDOWS\System32\drivers\winmad.sys 8098CCE470A942277025E3430EB88B5A
C:\WINDOWS\System32\drivers\winnat.sys 8E80F260BF9F6945815369BBDE0C33DE
C:\WINDOWS\System32\drivers\WinUSB.SYS 2835728D4043921C6DC61E4682803D88
C:\WINDOWS\System32\drivers\winverbs.sys 323B9485CFECAA618AB29D1508E06A22
C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys 3A627A24EAC6CEC3BA59548AA70BAD6E
C:\WINDOWS\System32\drivers\wmiacpi.sys A4597AC92C7355438D612131C2A80A0B
C:\Windows\System32\Drivers\Wof.sys C954CEBD4729419AF33234FC6C982844
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 0013228FB25DBBA6F08DB07D85D71F4C
C:\WINDOWS\system32\drivers\ws2ifsl.sys 573F0549359CB8874F7CB114C8E8C8C9
C:\WINDOWS\System32\drivers\WSDPrint.sys 15A6F04D9FC17804A79BD17BE0EC2A0E
C:\WINDOWS\system32\DRIVERS\WSDScan.sys F778D436DC6D43AE0CFE8C8E1A147E31
C:\WINDOWS\System32\drivers\WudfPf.sys E02FA22B6FF182F8F38A0954A163313F
C:\WINDOWS\System32\drivers\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\System32\drivers\xboxgip.sys 06417C1742A8087175BF15D74BD7BB33
C:\WINDOWS\System32\drivers\xinputhid.sys E70800BE5C59FB0B6B6797BB3066A27B

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 14:05 - 2017-01-24 14:05 - 00899072 _____ C:\Users\nepta\Downloads\RGSA (1).exe
2017-01-24 14:02 - 2017-01-24 14:02 - 00899072 _____ C:\Users\nepta\Downloads\RGSA.exe
2017-01-24 12:06 - 2017-01-24 12:06 - 15309536 _____ C:\Users\nepta\Downloads\Shortcut.txt
2017-01-24 12:04 - 2017-01-24 12:05 - 00000000 ____D C:\Users\nepta\Desktop\Computer Safety
2017-01-24 11:51 - 2017-01-24 12:18 - 00036096 _____ C:\Users\nepta\Downloads\Addition.txt
2017-01-24 11:49 - 2017-01-24 14:27 - 00046031 _____ C:\Users\nepta\Downloads\FRST.txt
2017-01-24 11:48 - 2017-01-24 14:27 - 00000000 ____D C:\FRST
2017-01-24 11:48 - 2017-01-24 11:48 - 02420736 _____ (Farbar) C:\Users\nepta\Downloads\FRST64.exe
2017-01-24 11:46 - 2017-01-24 11:46 - 00000677 _____ C:\Users\nepta\Documents\JRT.txt
2017-01-24 11:43 - 2017-01-24 11:43 - 01663040 _____ (Malwarebytes) C:\Users\nepta\Downloads\JRT.exe
2017-01-24 11:35 - 2017-01-24 11:35 - 00002804 _____ C:\Users\nepta\Documents\AdwCleaner[C0].txt
2017-01-24 11:28 - 2017-01-24 11:28 - 03988944 _____ C:\Users\nepta\Downloads\adwcleaner_6.042.exe
2017-01-24 10:44 - 2017-01-24 10:44 - 00002199 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2017-01-24 10:43 - 2017-01-24 10:43 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-23 18:42 - 2017-01-23 18:42 - 00262980 _____ C:\Users\Default\346FD420--07CA--C4B7--E85FD803--727890ACE0A1.osiris
2017-01-23 18:42 - 2017-01-23 18:42 - 00193119 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--CF90E303--65ED10CF88FB.osiris
2017-01-23 18:42 - 2017-01-23 18:42 - 00008182 _____ C:\Users\Default\OSIRIS-3301.htm
2017-01-23 18:39 - 2017-01-23 18:39 - 29959946 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--BE26AA4B--CF25A2172F96.osiris
2017-01-23 18:39 - 2017-01-23 18:39 - 25213821 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2B70DB5F--4A70C7AB15DA.osiris
2017-01-23 18:38 - 2017-01-23 18:38 - 41374933 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--AA21D825--B842BA2D897D.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 46018057 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6E4AB255--08D69A25B053.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 41374933 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--DFCC9C66--25198C9FFA5C.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 28953558 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FBD668B4--B751D4DAF8DD.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 28953558 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--70B87FDD--C33F5092EB06.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 25095206 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--82D3F454--210A65AAB9AB.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 23980926 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--56FC4376--79BD00769549.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 07536366 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2FBF91BD--CCAA1C513BF3.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 41582785 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--9C2A7755--E502C80F6584.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 30744728 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8056258D--A1DE2E690211.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 27298594 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--264D8F57--73AB38580C98.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 09990619 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B8B612EB--35E1302E7A3C.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 09990619 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--5608A18B--DF337B9460EF.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 02460209 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2F652B9A--25B605136306.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--EE970CC1--C4692A85C1A2.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D1A7A2E0--565F4C3D1CB4.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6DB08FBA--C0E08A171383.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--3A355786--9BE8644D1A31.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01579410 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--9ABC5C68--665F17091DA5.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 15128434 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--F7291DEC--5E34A385E7A8.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00988737 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--E9D448CF--210F03092E36.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00469638 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--163230B8--D8CA59F41122.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00445405 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--56B7F313--89362D541756.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00044856 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--69A7E0E0--23E844A48EBA.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00007406 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D8A6E0E8--61AE7785B475.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00007405 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B34CDB5D--8884AD5718CB.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00000858 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--899D6694--EACAB78BEEC1.osiris
2017-01-23 18:33 - 2017-01-23 18:33 - 02520029 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--673FD8FF--12D57944DD6B.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00086254 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D0FF1078--BD81D0ED6955.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00058504 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--793B4CB0--4AB32B7C2E94.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00053537 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--87C2A923--043B1F1AAD10.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00039681 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--92B20262--7E76A3E4D302.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00039681 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8E5A826F--1F4F7E86E8C3.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00032444 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8BA056DD--34CFA7DE9309.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030384 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A5151F4F--B7D5B4BDECCB.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030384 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--40E6D0A5--68B5DDE2D087.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030379 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--C4D0B96F--B83B9F7AEB80.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030379 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--35A3F77E--FF2FCA20930F.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00024279 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--41435011--A543D335277F.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00015570 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--0902712C--CF3A3457598B.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00012207 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--5BA43B3D--262E7202CD73.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00001949 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--4C3F846F--CFC8C858A588.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--AB57ADDA--F04D3A3FD3FE.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A0170279--EB8749F5C833.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 03166721 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--DFEF78F6--5E980E2C90C1.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 01943890 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--5B5297EC--95A2C297DE7E.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 01498406 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--B180C704--4A1F6ADE2E3D.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00546681 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--94A3ADEC--2BD0819A41B7.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00526190 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--71DADE63--DC4EFFB80D71.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00362360 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--8BE6B147--FF24103CFB83.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00353810 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--66875EB9--E5E7944079B8.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00296951 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--2D430664--EE1E67387DEE.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00177872 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--497CE82D--962B8C209ECD.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 09043690 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--80FCDCC6--15379852C6D8.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 08623627 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8D5ACE86--5EEA930EBAC5.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 04373426 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--353008E6--A3A4ED90EEDA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 04172693 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B15C0994--52B597901016.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01798329 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--84153FE5--5BDFE4E012FA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01578348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--1E955960--7FFD366B5516.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01405762 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--1ECB6F88--FF5B0F7B2C59.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01400156 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FA47FDE0--FF7C2E694589.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01298090 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--52F3871B--148414730D44.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01254210 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--CF2411FD--DA7DD13FFB16.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01182224 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--280F024F--9AE621864DE9.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01146780 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--2FBCC45A--5ECBF4000E96.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00575251 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--D1AD2871--AEACCE67CBC7.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00542165 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--C912F4E0--A03AAA705425.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00420031 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--4527B604--C8AA7B17F17E.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00376783 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--492EE856--0E9EBF0F0482.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00341801 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--55B93532--96FEEDC8E872.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00331443 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--A4B04E44--1C53546520B3.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00327038 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--68F3A070--DE6ABBA895D4.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00322633 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--04E7748D--40965F06C7EA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00246257 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--21500705--169346388EA0.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00143601 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--C7F3D3C4--23D9BB2A5E6F.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00117474 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--4F24D05D--85A92D0F5DD7.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00105459 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--255AAF14--5220241FC421.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00040341 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FE19C4A7--819D6BE6DF86.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00040341 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--958EB74C--28BB85530583.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00012816 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6F107895--DA13C0DC5328.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--DF647321--17973BFB4372.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B79D8B73--7DF6C387D76E.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--31C144C7--709FF9167980.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--347AC254--D41761DBB110.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 08056634 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--35D83685--9F405848E1DC.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 05325636 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--942B9237--8D3D6C0D01BA.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00848265 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--E3B1C311--0CC2650C0A02.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00848264 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--31473CE8--CC738BBBA8CA.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00777576 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--04F5F495--4DB47017250E.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00707871 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A9B80FBB--47C9BA760F23.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00707871 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--63A6FEC3--592AB0170702.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00494283 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--354C0F22--6CAB2FE09158.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00483600 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6B84FB04--942CD40439FD.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00346341 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--213204F3--06B89D58A1CF.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00324030 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--7702C78B--8CCD6F862170.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00279818 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8C2D22C8--D856E9E17B45.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00279818 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--46E053E1--7AE19CECE0D9.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00222237 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--3DA45503--FD3B00CF7E25.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00215019 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--09E359A0--B68F0EE76339.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00125051 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--281F97D7--615AAB8F75B5.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B07C2A12--78E63110415D.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--639E9CCF--0B560B94E397.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--0C490097--241557D592C7.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00008182 _____ C:\ProgramData\OSIRIS-a761.htm
2017-01-23 18:21 - 2017-01-23 18:21 - 00003592 _____ C:\ProgramData\346FD420--07CA--C4B7--4928A8E6--FA91EDB292F1.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00671364 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FB6A95E8--07FA92E86296.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00671362 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A662DF21--ECE0E35B5B26.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00669737 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--396323E0--971D2F1DF23F.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00668258 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--30A92CFA--AFB48099F7A1.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00634590 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--91A2F770--4D5715896E9E.osiris
2017-01-23 18:20 - 2017-01-2

42
Analysis and Malware Removal / Re: File Type Question
« on: January 25, 2017, 04:39:14 PM »
Here is the FIRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by nepta (administrator) on WIN-9VDBKK3EQVE (24-01-2017 14:27:19)
Running from C:\Users\nepta\Downloads
Loaded Profiles: nepta (Available Profiles: nepta)
Platform: Windows 10 Pro Insider Preview Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [670992 2016-12-03] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [Xmarks] => C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe [1178680 2014-11-06] (Xmarks.com)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [*yqxemyqtyq<*>] => "C:\Users\nepta\AppData\Local\f1076\0380a.bat" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\MountPoints2: {edf8497a-1cec-11e5-b697-d0df9ade1364} - "J:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-10-26]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6ff00289-07bc-4525-b980-f42fe61bf48b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b032e560-a487-42e4-87fd-5ee82da6afb3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.charter.net/
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> DefaultScope {DC97778D-7A6D-49A2-AD94-DB64E8FCFD01} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> {DC97778D-7A6D-49A2-AD94-DB64E8FCFD01} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-22] (Google Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default [2017-01-24]
CHR Extension: (Google Slides) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-13]
CHR Extension: (Google Docs) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-13]
CHR Extension: (Google Drive) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-13]
CHR Extension: (YouTube) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-13]
CHR Extension: (Google Search) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-13]
CHR Extension: (Adobe Acrobat) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-20]
CHR Extension: (Google Sheets) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2255064 2015-08-27] (Broadcom Corporation.)
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [785920 2016-12-03] (Microsoft Corporation)
S3 DevicesFlowUserSvc_53d50; C:\WINDOWS\system32\svchost.exe [41856 2016-12-03] (Microsoft Corporation)
S3 DevicesFlowUserSvc_53d50; C:\WINDOWS\SysWOW64\svchost.exe [35128 2016-12-03] (Microsoft Corporation)
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [289280 2016-12-03] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [67584 2016-12-03] (Microsoft Corporation)
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [226304 2016-12-03] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\System32\Windows.Graphics.Internal.Printing.Workflow.dll [164352 2016-12-03] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\SysWOW64\Windows.Graphics.Internal.Printing.Workflow.dll [122880 2016-12-03] (Microsoft Corporation)
R3 PrintWorkflowUserSvc_53d50; C:\WINDOWS\system32\svchost.exe [41856 2016-12-03] (Microsoft Corporation)
R3 PrintWorkflowUserSvc_53d50; C:\WINDOWS\SysWOW64\svchost.exe [35128 2016-12-03] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-26] (Realtek Semiconductor)
R2 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [192272 2016-12-03] (Microsoft Corporation)
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1231360 2016-12-03] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3385120 2016-12-03] (Microsoft Corporation)
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [1177600 2016-12-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [349632 2016-12-03] (Microsoft Corporation)
R2 WebUpdate4; C:\WINDOWS\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [547840 2016-12-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [97032 2016-12-03] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1270784 2016-12-03] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2015-08-27] (Broadcom Corporation.)
R2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [225792 2016-12-03] (Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 mausbhost; C:\WINDOWS\System32\drivers\mausbhost.sys [266000 2016-12-03] (Microsoft Corporation)
S3 mausbip; C:\WINDOWS\System32\drivers\mausbip.sys [45840 2016-12-03] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [104960 2016-12-03] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys [13754936 2016-08-24] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [98304 2016-12-03] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2016-12-03] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [26896 2016-12-03] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-07-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-22] (Synaptics Incorporated)
S3 SpatialGraphFilter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [30480 2016-12-03] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [40768 2016-12-03] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [285968 2016-12-03] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117008 2016-12-03] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [206336 2016-12-03] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys B6B5715C00CDAF6EA8FCE10192C0DD60
C:\WINDOWS\System32\drivers\3ware.sys 875409FBC36CA23E29CB374297521777
C:\WINDOWS\System32\drivers\ACPI.sys 95336F4BCB3A656F12EE4416D52C3CE0
C:\WINDOWS\System32\drivers\AcpiDev.sys 3A632ABDB610D7A5F67D6BD9008DADD3
C:\WINDOWS\System32\Drivers\acpiex.sys D8BE8561D707673B733D9F4766E3824B
C:\WINDOWS\System32\drivers\acpipagr.sys D8913EDFFBFAF0A1F0167868059A23AB
C:\WINDOWS\System32\drivers\acpipmi.sys BB6E0D8E9A3CAE0BB3C2EF25F5FF1023
C:\WINDOWS\System32\drivers\acpitime.sys 97589768A7EC21C5774128B285C3F921
C:\WINDOWS\System32\drivers\ADP80XX.SYS 31530EEA17C1014C23C2E33E4292C3FF
C:\WINDOWS\system32\drivers\afd.sys 217DD7520639EF4AD4E15CDA0ECB4A3E
C:\WINDOWS\System32\DRIVERS\ahcache.sys 2776F121DFB81C3894331DF5093736D1
C:\WINDOWS\System32\drivers\amdk8.sys 22D6FDBBF1963C80534EAD13C9F3AE18
C:\WINDOWS\System32\drivers\amdppm.sys 9FC614D6962567A7E1950E136A388678
C:\WINDOWS\System32\drivers\amdsata.sys F2C0602DE431E8AD783F66CD9CEFB728
C:\WINDOWS\System32\drivers\amdsbs.sys 1556369EAEAF5E534CD67D445829925A
C:\WINDOWS\System32\drivers\amdxata.sys A6BAEFC3A4B4AED1F8130F27D4F5E370
C:\WINDOWS\System32\drivers\appid.sys 9A15CB990F7BAA046632DB21AFAA1BC4
C:\WINDOWS\System32\drivers\applockerfltr.sys C3D21A9CE7397931566A7781EB97E5F8
C:\WINDOWS\system32\drivers\AppvStrm.sys 4645CC07F4B2A034384E82CCDA905573
C:\WINDOWS\system32\drivers\AppvVemgr.sys E397604A8B0A5ED7D960C68E618817A4
C:\WINDOWS\system32\drivers\AppvVfs.sys 13D8FEC773D0D3234B5B2789030D6B75
C:\WINDOWS\System32\drivers\arcsas.sys 968443EAC4643519ADFA713B42ED414C
C:\WINDOWS\System32\drivers\asyncmac.sys C11B04E361FCE65D9730B25B4EA86E72
C:\WINDOWS\System32\drivers\atapi.sys BC39F6DF7FD82AD5E8FF5EFBC3882130
C:\WINDOWS\System32\drivers\bxvbda.sys BEC4B9C505737EAFF327CFB5CBD76048
C:\WINDOWS\System32\drivers\BasicDisplay.sys 718C5E816C288B9C426718B9D8A9C883
C:\WINDOWS\System32\drivers\BasicRender.sys 13B89D39D2EBDCC2EDF066BF0EABE2E9
C:\WINDOWS\system32\drivers\bcbtums.sys F8FE7E12F8151E0A17C23CF840599F9A
C:\WINDOWS\system32\DRIVERS\bcmwl664.sys FDE8C8DC07E75347E4C6B455A0964217
C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7
C:\Windows\System32\Drivers\Beep.sys 4635413B72423030CF6962DCFD078430
C:\WINDOWS\System32\DRIVERS\bowser.sys 9DFD75818DD3FDD3E989BADD749996B0
C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 2536718E0B1D168BC1283032163A97B3
C:\WINDOWS\System32\drivers\BthEnum.sys DDEBAE05DC7AC00B47E8C9F19217AEAE
C:\WINDOWS\System32\drivers\bthhfenum.sys ED60A6ECD139BCEF3DD6170489FD5184
C:\WINDOWS\System32\drivers\BthHFHid.sys E39D84CC157AD271560E83C4C1F0B102
C:\WINDOWS\System32\drivers\bthmodem.sys 8C9492F148DFC92AD1683013CA52EB53
C:\WINDOWS\System32\drivers\bthpan.sys 4B097C3C8300C08875768E0D472AB3CB
C:\WINDOWS\system32\DRIVERS\BTHport.sys 437F5778BF1A0F14E56A4D9892B51950
C:\WINDOWS\system32\DRIVERS\BTHUSB.sys 6351C549E5E41C8C6D77926AFA91EA4C
C:\WINDOWS\system32\DRIVERS\btwampfl.sys BC279FCEE9FC8CBF991D5DE539771AA9
C:\WINDOWS\System32\drivers\buttonconverter.sys 841C2C25A31E1ECCE8D7B808522A8CF6
C:\WINDOWS\System32\drivers\capimg.sys 1534B7D9B3B1459E6D0D7941FB47208B
C:\WINDOWS\System32\DRIVERS\cdfs.sys 00F971E30B396F9B5D93A56828D96917
C:\WINDOWS\System32\drivers\cdrom.sys 3326B6FDAD21619AB0FE860158D01D42
C:\WINDOWS\System32\drivers\cht4sx64.sys 6A4453CD310F86CC34E8F011E8C9D2FA
C:\WINDOWS\System32\drivers\cht4vx64.sys C4AE64F58E33B3F2093002F410388980
C:\WINDOWS\System32\drivers\circlass.sys E24A0C159528B3B0C49212F7971B5723
C:\WINDOWS\System32\drivers\cldflt.sys A8EBE359474FDF6ABBAF81BA62657042
C:\WINDOWS\System32\drivers\CLFS.sys DCF7D8A57B05656A833657E1D1755C30
C:\WINDOWS\System32\drivers\registry.sys 443B5094DEC7EC7FF40B6C326B26A312
C:\WINDOWS\System32\drivers\CmBatt.sys 14E734125C318DC506479E3A5C1BE0F5
C:\WINDOWS\System32\Drivers\cng.sys A6D7985026AE7D9F0B0097E4A3CF6768
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys 06C1D9A26A9F3E02A513CFF40F719C50
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_f06bcc22f978b867\CompositeBus.sys 1DD6C63B2E0FC1A3E455FB529607CD64
C:\WINDOWS\System32\drivers\condrv.sys 023B6318EA32B936155DE481ABA24962
C:\WINDOWS\System32\drivers\csc.sys 46EA67C969153A3BB1BA3928EBEC0995
C:\WINDOWS\System32\drivers\dam.sys C4613B7DAA6FC3CFA7C490BEE247C157
C:\WINDOWS\System32\drivers\dc3d.sys A4700D1F78539C0ED32FA50E64F9C692
C:\WINDOWS\System32\Drivers\dfsc.sys BDBB66C12EF1BE875ACA3AFD4B2ECC72
C:\WINDOWS\System32\drivers\disk.sys 5B365E6526128C5E86DB99B10AB966B6
C:\WINDOWS\System32\drivers\dmvsc.sys 93700A6E954248CAFCF3CCA1C5749867
C:\WINDOWS\system32\DRIVERS\drmkaud.sys 7D6FF0451F078AB756A11509558BCE7C
C:\WINDOWS\System32\drivers\dxgkrnl.sys 549A202BCF0B53B2969EA856E055900C
C:\WINDOWS\System32\drivers\evbda.sys D940068F290A8121A07C8C24A1BB19F1
C:\WINDOWS\System32\drivers\EhStorClass.sys 6B404F92034152BA0B1DC9A55F0649E4
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys 875505AD1ADF8EECA073CCABAAA1526C
C:\WINDOWS\System32\drivers\errdev.sys 4DBA7C262EED0B87AD67771B6DE1E03C
C:\WINDOWS\system32\drivers\mbae64.sys 4D7F3114147C31390262F19F74E5BF07
C:\Windows\System32\Drivers\exfat.sys F7F83B31733860E3E9E34F7C96D291D7
C:\Windows\System32\Drivers\fastfat.sys 1161C5EDFF4BF8A4319FC144172C458E
C:\WINDOWS\System32\drivers\fdc.sys B5F2F1F61B9A8534708F43954D526481
C:\WINDOWS\System32\drivers\filecrypt.sys B3CD1CFC649E1A3298FB8D99D464045D
C:\WINDOWS\System32\drivers\fileinfo.sys 0C75FC03C55CA6D26F6F027EFCC73769
C:\WINDOWS\System32\drivers\filetrace.sys 70EAC8A8C13E69EC5DF6B344B21EA24D
C:\WINDOWS\System32\drivers\flpydisk.sys 627A07E4CF086632BBB325588EDAC0AD
C:\WINDOWS\System32\drivers\fltmgr.sys AC56045957799AC1C8EB9CEC641D6147
C:\WINDOWS\System32\drivers\FsDepends.sys 6F73FE32863AA4F0B9222389D6A8E044
C:\Windows\System32\Drivers\Fs_Rec.sys 3EC807A07934C95077E62C6EA2A06636
C:\WINDOWS\System32\DRIVERS\fvevol.sys BF70A88CCF6DF97DDEFB375C56E8492D
C:\WINDOWS\System32\drivers\vmgencounter.sys B634E32D9894147B5E05DF781BA2EBAA
C:\WINDOWS\System32\drivers\genericusbfn.sys B836FCD5C45BB4B95EE5AF02A75FBDDD
C:\WINDOWS\System32\Drivers\msgpioclx.sys 0014F0AAAF2D666C569DC3AA2FF7DD45
C:\WINDOWS\System32\drivers\gpuenergydrv.sys B085C3B3256463356B1EFB2574173282
C:\WINDOWS\System32\drivers\HDAudBus.sys AD1082CB4FE6AE6D163FE6B92E6B4BC8
C:\WINDOWS\System32\drivers\HidBatt.sys E18BB39E08874EEC7D2B9E34FDA09FF6
C:\WINDOWS\System32\drivers\hidbth.sys FFFC6F090DA53EBD38A0CAC61B0F3FAC
C:\WINDOWS\System32\drivers\hidi2c.sys 8F4B64D8AE358A50B3B31F934ED6A241
C:\WINDOWS\System32\drivers\hidinterrupt.sys 809F0A23BBD32641012953DF5A1CE27A
C:\WINDOWS\System32\drivers\hidir.sys A78FDE4C933EA4C667BA5E42C2E8A1B1
C:\WINDOWS\System32\drivers\hidusb.sys 61C3E77887741C6800A2BB6BC4589909
C:\WINDOWS\System32\drivers\HpSAMD.sys FC822C522317C49CAF67013F2750F17B
C:\WINDOWS\System32\drivers\HTTP.sys B32F5042676694CF6E0411D501EC9B9D
C:\WINDOWS\System32\drivers\hvservice.sys A9F9A493C8C68EA94E607902B28A392D
C:\WINDOWS\System32\drivers\hwpolicy.sys 25DED6F0F6F13B7D97DD1390C7F22774
C:\WINDOWS\System32\drivers\hyperkbd.sys F861829049889EEA6EAFB02D1153732F
C:\WINDOWS\System32\drivers\i8042prt.sys 10E4EFB8E9EB9BC677582CE72FE7C826
C:\WINDOWS\System32\drivers\iagpio.sys C6B8743B213F06AA60943D8366FE968F
C:\WINDOWS\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 5A0E850F8CD17791A3E6A3CF81D0CA28
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 7508F1096803385D6376BFD0BD473AC4
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys 32FEF09BB643359B2DEEECF66F8708A7
C:\WINDOWS\System32\drivers\iaStorV.sys 914AA50F695598D85CD8256FD1AE960C
C:\WINDOWS\System32\drivers\ibbus.sys AF9B316F26E46D0830919CFCD2AB6FC3
C:\WINDOWS\System32\drivers\IndirectKmd.sys C18F478D8EA5BD8487250BCAC6C551B3
C:\WINDOWS\system32\drivers\RTKVHD64.sys 622868E4BAE8FBCD22CB1A5901A2C824
C:\WINDOWS\System32\drivers\intelide.sys A2705BE3B67CCFCF6D28DD5BAE57B5F8
C:\WINDOWS\System32\drivers\intelpep.sys 6F4517610E2889C578759DBDE9C44356
C:\WINDOWS\System32\drivers\intelppm.sys 16CFC91A9A0B11F1116FC72FC41E135A
C:\WINDOWS\System32\drivers\iorate.sys F1D847EFB9543A115911F19956B7BD3C
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 90B5AF4E960EE80F5CFEB43B5F8768E7
C:\WINDOWS\System32\drivers\IPMIDrv.sys 1E0B4530D1E44F4397B4BB1175D2CD70
C:\WINDOWS\System32\drivers\ipnat.sys 1C130E6E94B89DA57B35D20A36F5CC6B
C:\WINDOWS\system32\drivers\irda.sys DEB565D690F5D6F88F02CBCAE31A6E97
C:\WINDOWS\System32\drivers\irenum.sys 8A76A5A0AA00378BAE36A84C914B5BD7
C:\WINDOWS\System32\drivers\isapnp.sys 25F1B9685BB538F53E729882BA0F48B1
C:\WINDOWS\System32\drivers\msiscsi.sys 32E401731761379FC51BA90C7CF35FE3
C:\WINDOWS\System32\drivers\kbdclass.sys C87CEBC21AAB4BFD6B47097D5E94DE18
C:\WINDOWS\System32\drivers\kbdhid.sys AE7D99D84F1A1EB6E32D5BB7229F88C6
C:\WINDOWS\System32\drivers\kdnic.sys 8EA16E8BEC49D6C045C28838CFEE6279
C:\WINDOWS\System32\Drivers\ksecdd.sys BB10E8405232B48A8E9ED82159D7236C
C:\WINDOWS\System32\Drivers\ksecpkg.sys F35B5ADE0858AFC13EB92B09A0536AFC
C:\WINDOWS\system32\drivers\ksthunk.sys 0EB4F71957F4BFB33DE4DEC9453A4E3E
C:\WINDOWS\System32\drivers\lltdio.sys 01752F1B760656EBF1B0C4A80205098F
C:\WINDOWS\System32\drivers\lsi_sas.sys A79C806DF3DAE4A385E63D7DC27D7313
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 0E904AFB58B956D72DDD25FE48545CA2
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 04B6B6746EAD66521F021FA267A0D555
C:\WINDOWS\System32\drivers\lsi_sss.sys E08CD60062BEF59149CDBC579CC3B483
C:\WINDOWS\system32\drivers\luafv.sys 6265EAF9AE76D31C64CED58883EA021B
C:\WINDOWS\System32\drivers\mausbhost.sys B0EF5FCC4237E9FE485BE88257018C50
C:\WINDOWS\System32\drivers\mausbip.sys EBD6159C8F7D9AEC041F74851EF49A44
C:\WINDOWS\System32\drivers\megasas.sys 738A822D8ADC4FF1A2D8911AF08F59B2
C:\WINDOWS\System32\drivers\MegaSas2i.sys A886AA5C5CB14F23CA7ED0D3E497E369
C:\WINDOWS\System32\drivers\megasr.sys 67F7CE18F38F8CA31E7F6A42649ED4F8
C:\WINDOWS\System32\drivers\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\WINDOWS\System32\drivers\mlx4_bus.sys 9B3C67248229D35B2238B1B763A42EA4
C:\WINDOWS\system32\drivers\mmcss.sys 30FC7CA681F154F460BAE577C14F0DB2
C:\WINDOWS\System32\drivers\modem.sys BE1F753C48FC23B93BDABCCA320DE81E
C:\WINDOWS\System32\drivers\monitor.sys 3FC3EFE54A6C2C9F6D3FDD6539C4BB26
C:\WINDOWS\System32\drivers\mouclass.sys A400E64627BC1505EA2F2CDBFC86FAB3
C:\WINDOWS\System32\drivers\mouhid.sys AD5A4D65A968AEBCAAD05454F7BFE96A
C:\WINDOWS\System32\drivers\mountmgr.sys 05840C86A221C2A7E6755AB145366EB2
C:\WINDOWS\System32\drivers\mpsdrv.sys B5D78625FD7DBF065B0C5B1406DC0384
C:\WINDOWS\system32\drivers\mrxdav.sys B9919496D6DCFFAB2A77C929AD287613
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys B572A4275354104AFC02DAB009E5B4F6
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys B04B378637F655DA09F0E23B170D47A4
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 1ABDF9C902B027C2C2E6686FAE96173D
C:\WINDOWS\System32\drivers\bridge.sys 4FB1266788E8E08570655521791466C8
C:\Windows\System32\Drivers\Msfs.sys 0261F991B8FE3BE5864FC0C6BF27CC0C
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6D1E26845AC230E09CBB0B8409072509
C:\WINDOWS\System32\drivers\mshidkmdf.sys 7C095521AE1BD263FF8F2BCF81492C1B
C:\WINDOWS\System32\drivers\mshidumdf.sys A723C5C371495DEF4FBC2BB8826DBEF7
C:\WINDOWS\System32\drivers\msisadrv.sys D2C2193399B1CF395DE8DBC72AFD4762
C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys AF3B513D4AF183DC05DDE30E155AC9D1
C:\WINDOWS\System32\drivers\mslldp.sys 5D82D59B7CB42D5BB7CB90D4E26A37E4
C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys 80940E4E2D69C5F2EC765FF096D27062
C:\WINDOWS\system32\DRIVERS\MSPQM.sys CD1EA1109A70F207EBF2FD2D03314DD9
C:\Windows\System32\Drivers\MsRPC.sys 7F049F7F19F8376FC36D76A64B41A017
C:\WINDOWS\System32\drivers\mssecflt.sys 203F2FB1B247D732B7106239C954E851
C:\WINDOWS\System32\drivers\mssmbios.sys D4922AA75C7022C38D113FD235384A4F
C:\WINDOWS\system32\DRIVERS\MSTEE.sys F79CA7DD2CD9C9D9B91C450F1C7321B2
C:\WINDOWS\System32\drivers\MTConfig.sys 5C5F6CA9C06981C8099F7B299E89CF32
C:\WINDOWS\System32\Drivers\mup.sys 7E1E28C38F1BA8F0C79C29A9E155A90A
C:\WINDOWS\System32\drivers\mvumis.sys 014979DF493D1371FC9AFC8012DC0545
C:\WINDOWS\System32\DRIVERS\nwifi.sys 531A48B861C8F999E9749F4DE0171841
C:\WINDOWS\System32\drivers\ndfltr.sys EAE693008ED94FBF5FE1A73220E9A8C8
C:\WINDOWS\System32\drivers\ndis.sys E03308F839E2753CE6494DFF3BAD500B
C:\WINDOWS\System32\drivers\ndiscap.sys 0DAE7E8D362CE0097CF40DA32283FDB9
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 5B6D6225F69BAA58C765CB65EEF43A1E
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 2EBB613CD5743A6A49236E823F4053AC
C:\WINDOWS\System32\drivers\ndisuio.sys 076A1A0A0F18D6D003BB79F32097412B
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 7AF21637D3C55524A4D8FE858D9194AA
C:\WINDOWS\System32\drivers\ndiswan.sys BB02978ADE135A9FA5C440577C186BFE
C:\WINDOWS\System32\DRIVERS\ndiswan.sys BB02978ADE135A9FA5C440577C186BFE
C:\WINDOWS\System32\DRIVERS\NDProxy.sys DD0DDA216AFE98F51BB0DCBF68B93063
C:\WINDOWS\System32\drivers\Ndu.sys 2BB247904B1A1A95F77D34E785BFBD49
C:\WINDOWS\System32\drivers\NetAdapterCx.sys 43B86F4F98DC6C6E942304FB360AC316
C:\WINDOWS\System32\drivers\netbios.sys 2E25D3C2E1F3FF75F489009988120CA2
C:\WINDOWS\System32\DRIVERS\netbt.sys 12641C55E0E7C5D2268A9826E362D818
C:\Windows\System32\Drivers\Npfs.sys 92FF25B3FCE4FB33DD4A3B797758E524
C:\WINDOWS\System32\drivers\npsvctrig.sys 1E114C1228585073A23FA11486ACE810
C:\WINDOWS\System32\drivers\nsiproxy.sys E043F6560A2C8C1D1FFD4B51670057F5
C:\Windows\System32\Drivers\NTFS.sys 012905E46BD1FAEDC5DA2DC24CC5865B
C:\Windows\System32\Drivers\Null.sys 08A773F4D6C0C8C1A6E1FD8BB4765BB1
C:\WINDOWS\system32\drivers\nvhda64v.sys 705386E3D1D814B974FFA4BE996C2B19
C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys CC2128714FAF80CBE743C2BE2FC8D5DF
C:\WINDOWS\System32\drivers\nvraid.sys 167F46E17590CF61A0BCE89DFFF360A7
C:\WINDOWS\System32\drivers\nvstor.sys 55E3079ACED5A68E845623A2776CDA02
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 60C9EC53F9CFBFBE38E9C79B88A6B19F
C:\WINDOWS\system32\drivers\nvvad64v.sys 35DFC12FD7E44B7CB8CCD7E5A2B3975A
C:\WINDOWS\System32\drivers\parport.sys 2925C723017C8445E8646678C28CFACE
C:\WINDOWS\System32\drivers\partmgr.sys 3E02EEB83F84896E38CC49E2E9588350
C:\WINDOWS\System32\drivers\pci.sys AD6F3A9765BD338CDB650A4BFE2B2CEA
C:\WINDOWS\System32\drivers\pciide.sys D9D3431CCD13BBD40B999EF1831FD665
C:\WINDOWS\System32\drivers\pcmcia.sys 2C7FF889F326AE2CF5010A3AB7D51CC7
C:\WINDOWS\System32\drivers\pcw.sys E2B6F68067142CA8CD72706278CD31CB
C:\WINDOWS\System32\drivers\pdc.sys 4F9E0A266C6CF21006979E4EB9D984EB
C:\WINDOWS\System32\drivers\peauth.sys 8512FBA31C6CFCD5BD27F4E7DD97E885
C:\WINDOWS\System32\drivers\percsas2i.sys FB21E4CE28062F467C763FA9DED65A1A
C:\WINDOWS\System32\drivers\percsas3i.sys F029FE8E9A4CF37AE4A88B6FDC40D7C5
C:\WINDOWS\System32\drivers\pmem.sys 928DB776F95A674E78ECDF73AA69C0F3
C:\WINDOWS\System32\drivers\raspptp.sys E499A4CDF79A43C7859071C2A019ABD9
C:\WINDOWS\System32\drivers\processr.sys 0698E158307B39E789B72F24761EE6BC
C:\WINDOWS\System32\drivers\pacer.sys 1558C63AA19AD27BB4A629A50E6D2608
C:\WINDOWS\system32\drivers\qwavedrv.sys 068B1CF6A6D3B8D056C88887AEC5B282
C:\WINDOWS\System32\DRIVERS\rasacd.sys 20640EE38085414F696581C8D7B365EB
C:\WINDOWS\System32\drivers\AgileVpn.sys 6BED76071338740585A37AF937340934
C:\WINDOWS\System32\drivers\rasl2tp.sys 8F077329CD1A4F6EAD50C9D9D5CD5034
C:\WINDOWS\System32\DRIVERS\raspppoe.sys CACE4D4673E9BA77F2C07E549F2189CB
C:\WINDOWS\System32\drivers\rassstp.sys 9498178B4481D1079D507A3385ED35B4
C:\WINDOWS\System32\DRIVERS\rdbss.sys C04C096DF6E45148C02FA30E1D68FF04
C:\WINDOWS\System32\drivers\rdpbus.sys 6DE67E8A3039E1B64D637B16D114EC95
C:\WINDOWS\System32\drivers\rdpdr.sys 62275196A6C88985F9AC6C107FDB01FF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 1A3841ED296BB396C66C0A17E6D7DE8C
C:\WINDOWS\System32\drivers\rdyboost.sys 6F0382CEB29982B328F0E0FD7F996872
C:\Windows\System32\Drivers\ReFSv1.sys 599C3BDDF8477106F6E2F88B94C8B9A5
C:\WINDOWS\System32\drivers\rfcomm.sys E0B672E986F8550E3AC6C27510A3F6F6
C:\WINDOWS\System32\drivers\rspndr.sys 43B1CA9B33BDC2F1437F6ADD93516FC5
C:\WINDOWS\System32\drivers\rt640x64.sys AB7C0639DF052528C2CB06D0EAE115EC
C:\WINDOWS\System32\drivers\vms3cap.sys 4CC386DC5C3495BF837368A9D279D562
C:\WINDOWS\System32\drivers\sbp2port.sys E8490BF2C3E83FE8428F6FD5CF8360F1
C:\WINDOWS\System32\DRIVERS\scfilter.sys E280477F80D08A5835F3549DCF561490
C:\WINDOWS\System32\drivers\scmbus.sys 2F71968C12A7AFBEC62285BC9D6E3D55
C:\WINDOWS\System32\drivers\sdbus.sys 6A7433CE0071F0A171456613CBFD2817
C:\WINDOWS\System32\drivers\SDFRd.sys 26D76101B30E33DF3D2ED598776FD942
C:\WINDOWS\System32\drivers\sdstor.sys D8B200F1E1355088F160658261D8E72C
C:\WINDOWS\System32\drivers\SerCx.sys A6ABADF8AFECB9611A057EF53DE0AD8E
C:\WINDOWS\System32\drivers\SerCx2.sys 32F45508C994968075AD9A1B708B3A9C
C:\WINDOWS\System32\drivers\serenum.sys 8EAE634879262ABCA59C3EA6596CD240
C:\WINDOWS\System32\drivers\serial.sys 2B8B5CA027B4B338AD28AA34AD38F69F
C:\WINDOWS\System32\drivers\sermouse.sys 370344596044213E4FA42099B96BAD3B
C:\WINDOWS\System32\drivers\sfloppy.sys 96318788468672BFD67E75FD8C24FB79
C:\WINDOWS\System32\drivers\SiSRaid2.sys 7BC97CD775A4D1C6BB4EF5B657798690
C:\WINDOWS\System32\drivers\sisraid4.sys 8E49013D06FBEB7531B2922206D069F0
C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys C584D941C2F915B27FAEE9B407744641
C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 8A6571231D93C08434A56E19E33A35CB
C:\WINDOWS\System32\drivers\spaceport.sys 58719C907CEFAA0BE2CFA1423A251FE9
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys 9D32663DDDDA8A8BD717ABFF89093F9A
C:\WINDOWS\System32\drivers\SpbCx.sys 06C9DFCC4E40FBBC0CE2B977BB1000DE
C:\WINDOWS\System32\DRIVERS\srv.sys C68D9F5492A01132B5CA53FE5062128E
C:\WINDOWS\System32\DRIVERS\srv2.sys 5595589455D9F3E4790021F51DB0893C
C:\WINDOWS\System32\DRIVERS\srvnet.sys E77E4A6B29A897A39F97CCBDF81EB700
C:\WINDOWS\System32\drivers\stexstor.sys A132FD7C7339648CF4429EA79BE8346B
C:\WINDOWS\system32\DRIVERS\serscan.sys 57119780A42B5E364065310E94522D2D
C:\WINDOWS\System32\drivers\storahci.sys 2179E507BAF874D7221F1C869A10DE33
C:\WINDOWS\System32\drivers\vmstorfl.sys EB4996D50E108AB4B9F74D14B13205DB
C:\WINDOWS\System32\drivers\stornvme.sys 9EAE58FB4026EC686620D73AC25ED4A1
C:\WINDOWS\System32\drivers\storqosflt.sys 448D59AE6060D1F799738C4E06522243
C:\WINDOWS\System32\drivers\storufs.sys B33FFB7BC1834724CF16C1B27B413ED7
C:\WINDOWS\System32\drivers\storvsc.sys 5F4715C5159296DCE43D6196DBBFDBA7
C:\WINDOWS\System32\drivers\swenum.sys C4B244287121CB158BD674ECCB45F8F5
C:\WINDOWS\System32\drivers\Synth3dVsc.sys 42BB0E1CFE497D09F5758F4FC900573C
C:\WINDOWS\System32\drivers\tcpip.sys 4D9D24AB87B8119CDBED2A12B2A0F095
C:\WINDOWS\System32\drivers\tcpip.sys 4D9D24AB87B8119CDBED2A12B2A0F095
C:\WINDOWS\System32\drivers\tcpipreg.sys 1ADEB608E059B37280C7D17F4F09DA37
C:\WINDOWS\system32\DRIVERS\tdx.sys D508F0FE80E6F59D022B426C60795E49
C:\WINDOWS\System32\drivers\terminpt.sys 0DE58AE90E69A196A7571B875A2AB8DE
C:\WINDOWS\System32\drivers\tpm.sys 8E5712E9D65316D999772EB13415C20F
C:\WINDOWS\System32\drivers\tsusbflt.sys 8DDEA98ACA8E03F71F666466FA17A81A
C:\WINDOWS\System32\drivers\TsUsbGD.sys B99F97056B726D8A9F582020E27861CF
C:\WINDOWS\System32\drivers\tsusbhub.sys 310CC5A9E6FDDD268D6C677B89AAFC2B
C:\WINDOWS\System32\drivers\tunnel.sys 30EC43B7776AF44BB1AFC6BE112EF089
C:\WINDOWS\System32\drivers\uaspstor.sys 0954B446EA35655C9727A8113ADAA1AD
C:\WINDOWS\System32\Drivers\UcmCx.sys 3DBDBFE349B5B577218825C3F52D8168
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 752A47B3F73FA656D11669CCD606D158
C:\WINDOWS\System32\drivers\UcmUcsi.sys AE31318FA016E346EE987BBBDEFA7B57
C:\WINDOWS\System32\drivers\ucx01000.sys 6D6D06DB7D994CCE6DDD968FD1532EFA
C:\WINDOWS\System32\drivers\udecx.sys 9DBCA53B2C2F94DC2C9A806752433923
C:\WINDOWS\System32\DRIVERS\udfs.sys 74F73DE6E9D1EB5AD11E053F2B3FA18B
C:\WINDOWS\System32\drivers\UEFI.sys 7C9B307F84B41692044EFECB5467EF96
C:\WINDOWS\system32\drivers\UevAgentDriver.sys EB2867BF0CBCFE2D74BC0FC70A1606C5
C:\WINDOWS\System32\drivers\ufx01000.sys E6FCBE7C9BD4A0FB2F692F1919D4B8C9
C:\WINDOWS\System32\drivers\UfxChipidea.sys A6A16F7A5AFCEE786460843D536A9F54
C:\WINDOWS\System32\drivers\ufxsynopsys.sys 2719170C42543484884180F832930557
C:\WINDOWS\System32\drivers\umbus.sys 7CB8B57B6523B9065E9DCFA25D83C8CB
C:\WINDOWS\System32\drivers\umpass.sys DAD50661FBF85D0CE3BFE6B89196D4E2
C:\WINDOWS\System32\drivers\urschipidea.sys 45360850AC69499211FD75ADAD91AB1C
C:\WINDOWS\System32\drivers\urscx01000.sys 0125761BEE90D1D6D55A215EDC6E445A
C:\WINDOWS\System32\drivers\urssynopsys.sys EB66E8CFEFBE5D1289CC550CCC01DCD6
C:\WINDOWS\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\WINDOWS\System32\drivers\usbccgp.sys EDB6BA8FEB162B6C5CCE093202473A14
C:\WINDOWS\System32\drivers\usbcir.sys 9B29694B23A00B3F4F57A43BA6505DF8
C:\WINDOWS\System32\drivers\usbehci.sys 7B4FE03651D611CD60489F95D8432524
C:\WINDOWS\System32\drivers\usbhub.sys E073593D0D3B28FEC2B4D38FD9ED5435
C:\WINDOWS\System32\drivers\UsbHub3.sys 9467B95BA82906B8DCA3B056AEE611AA
C:\WINDOWS\System32\drivers\usbohci.sys 6F57F59FAF195FF0EF02C26055AA3E29
C:\WINDOWS\System32\drivers\usbprint.sys A11654FDD04C9411884AFE7D90984921
C:\WINDOWS\System32\drivers\usbser.sys 790CF59C26CAF066C116CE3EB599F77D
C:\WINDOWS\System32\drivers\USBSTOR.SYS F6D95B2B2390ED2081657094740B488D
C:\WINDOWS\System32\drivers\usbuhci.sys 591202AC0B9A95061FC8D5F3E7804758
C:\WINDOWS\System32\drivers\USBXHCI.SYS 9FC9564AE9D24E01F97EFF2FCD52955E
C:\WINDOWS\System32\drivers\vdrvroot.sys 5AB1EBA528554BF6F30E0BB008239B33
C:\WINDOWS\System32\drivers\VerifierExt.sys DBD18035920A8D1E627F889D23E5AD1D
C:\WINDOWS\System32\drivers\vhdmp.sys A36FA9AA3F7E101DB606E73E030FBF7F
C:\WINDOWS\System32\drivers\vhf.sys CA25A82C98DE77B5E49586910F324288
C:\WINDOWS\System32\drivers\vmbus.sys 0C623C4965DC2DF4CC91A037CE5D73EF
C:\WINDOWS\System32\drivers\VMBusHID.sys F9B1D0146C9033D941FB65C9C040CE85
C:\WINDOWS\System32\drivers\vmgid.sys 50C1B4D7B7CE6E8F28E8A5AD931CAC94
C:\WINDOWS\System32\drivers\volmgr.sys 8CC96218A69A62C3B31BE2057B2F41F3
C:\WINDOWS\System32\drivers\volmgrx.sys 49918D35612CCD1C231AED13BEE085DA
C:\WINDOWS\System32\drivers\volsnap.sys D4940069222A8933334E93EEB54DD7C0
C:\WINDOWS\System32\drivers\volume.sys E37562651E0F51E7ECBB89CA4BA21920
C:\WINDOWS\System32\drivers\vpci.sys 55182CDC6521EEC067E675EB43578DE0
C:\WINDOWS\System32\drivers\vsmraid.sys 0F0D4AEFB0AF6657A5FA2794DCB7C058
C:\WINDOWS\System32\drivers\vstxraid.sys CD9097571AF259A21FCB618259F94EB5
C:\WINDOWS\System32\drivers\vwifibus.sys D2C7ADB2D659265C0D96DCED5C89825B
C:\WINDOWS\System32\drivers\vwififlt.sys B8861050E4BB7F448D94AD2F0A6C6833
C:\WINDOWS\System32\drivers\vwifimp.sys ED92C45E0E91BF4F2FCB6F3524404837
C:\WINDOWS\System32\drivers\wacompen.sys F603604F23B6871042238ACDDAD6F6CE
C:\WINDOWS\System32\DRIVERS\wanarp.sys 41FEFED24ECEB5FDC1B0767AC98582F6
C:\WINDOWS\System32\DRIVERS\wanarp.sys 41FEFED24ECEB5FDC1B0767AC98582F6
C:\WINDOWS\system32\drivers\wcifs.sys 14704C95C2B8A5F7EDA9248FD373D509
C:\WINDOWS\system32\drivers\wcnfs.sys 1E2369802053928A0691FEA7EAA53D9E
C:\WINDOWS\System32\drivers\WdBoot.sys 9A1277BABCE45257F71306D6EBF8BB5F
C:\WINDOWS\System32\drivers\wdcsam64.sys A556768CC1FA4F36022BEE2F0EDE2566
C:\WINDOWS\System32\drivers\Wdf01000.sys 128C8DA9796B4E5E662BEA89A50265A0
C:\WINDOWS\System32\drivers\WdFilter.sys 5AACBDEF1A0766DC785300E2D7339E49
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys AE9C1C222016EF8C80A517F08F4FCFEE
C:\WINDOWS\System32\Drivers\WdNisDrv.sys D913F8FD2D4733257F118A1CC0A97A08
C:\WINDOWS\System32\drivers\wfplwfs.sys 9A306B5FA7CBCD427016AC1807B18CEC
C:\WINDOWS\System32\drivers\wimmount.sys 7690DBB9D8D63792A27661F96B91D287
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys A9B63B5B4C5FE7E85BEC9D6180D2A50D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 7231CBFBBE0F45B8E1D35AE35153DE8E
C:\WINDOWS\System32\drivers\winmad.sys 8098CCE470A942277025E3430EB88B5A
C:\WINDOWS\System32\drivers\winnat.sys 8E80F260BF9F6945815369BBDE0C33DE
C:\WINDOWS\System32\drivers\WinUSB.SYS 2835728D4043921C6DC61E4682803D88
C:\WINDOWS\System32\drivers\winverbs.sys 323B9485CFECAA618AB29D1508E06A22
C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys 3A627A24EAC6CEC3BA59548AA70BAD6E
C:\WINDOWS\System32\drivers\wmiacpi.sys A4597AC92C7355438D612131C2A80A0B
C:\Windows\System32\Drivers\Wof.sys C954CEBD4729419AF33234FC6C982844
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 0013228FB25DBBA6F08DB07D85D71F4C
C:\WINDOWS\system32\drivers\ws2ifsl.sys 573F0549359CB8874F7CB114C8E8C8C9
C:\WINDOWS\System32\drivers\WSDPrint.sys 15A6F04D9FC17804A79BD17BE0EC2A0E
C:\WINDOWS\system32\DRIVERS\WSDScan.sys F778D436DC6D43AE0CFE8C8E1A147E31
C:\WINDOWS\System32\drivers\WudfPf.sys E02FA22B6FF182F8F38A0954A163313F
C:\WINDOWS\System32\drivers\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\System32\drivers\xboxgip.sys 06417C1742A8087175BF15D74BD7BB33
C:\WINDOWS\System32\drivers\xinputhid.sys E70800BE5C59FB0B6B6797BB3066A27B

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 14:05 - 2017-01-24 14:05 - 00899072 _____ C:\Users\nepta\Downloads\RGSA (1).exe
2017-01-24 14:02 - 2017-01-24 14:02 - 00899072 _____ C:\Users\nepta\Downloads\RGSA.exe
2017-01-24 12:06 - 2017-01-24 12:06 - 15309536 _____ C:\Users\nepta\Downloads\Shortcut.txt
2017-01-24 12:04 - 2017-01-24 12:05 - 00000000 ____D C:\Users\nepta\Desktop\Computer Safety
2017-01-24 11:51 - 2017-01-24 12:18 - 00036096 _____ C:\Users\nepta\Downloads\Addition.txt
2017-01-24 11:49 - 2017-01-24 14:27 - 00046031 _____ C:\Users\nepta\Downloads\FRST.txt
2017-01-24 11:48 - 2017-01-24 14:27 - 00000000 ____D C:\FRST
2017-01-24 11:48 - 2017-01-24 11:48 - 02420736 _____ (Farbar) C:\Users\nepta\Downloads\FRST64.exe
2017-01-24 11:46 - 2017-01-24 11:46 - 00000677 _____ C:\Users\nepta\Documents\JRT.txt
2017-01-24 11:43 - 2017-01-24 11:43 - 01663040 _____ (Malwarebytes) C:\Users\nepta\Downloads\JRT.exe
2017-01-24 11:35 - 2017-01-24 11:35 - 00002804 _____ C:\Users\nepta\Documents\AdwCleaner[C0].txt
2017-01-24 11:28 - 2017-01-24 11:28 - 03988944 _____ C:\Users\nepta\Downloads\adwcleaner_6.042.exe
2017-01-24 10:44 - 2017-01-24 10:44 - 00002199 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2017-01-24 10:43 - 2017-01-24 10:43 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-23 18:42 - 2017-01-23 18:42 - 00262980 _____ C:\Users\Default\346FD420--07CA--C4B7--E85FD803--727890ACE0A1.osiris
2017-01-23 18:42 - 2017-01-23 18:42 - 00193119 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--CF90E303--65ED10CF88FB.osiris
2017-01-23 18:42 - 2017-01-23 18:42 - 00008182 _____ C:\Users\Default\OSIRIS-3301.htm
2017-01-23 18:39 - 2017-01-23 18:39 - 29959946 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--BE26AA4B--CF25A2172F96.osiris
2017-01-23 18:39 - 2017-01-23 18:39 - 25213821 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2B70DB5F--4A70C7AB15DA.osiris
2017-01-23 18:38 - 2017-01-23 18:38 - 41374933 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--AA21D825--B842BA2D897D.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 46018057 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6E4AB255--08D69A25B053.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 41374933 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--DFCC9C66--25198C9FFA5C.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 28953558 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FBD668B4--B751D4DAF8DD.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 28953558 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--70B87FDD--C33F5092EB06.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 25095206 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--82D3F454--210A65AAB9AB.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 23980926 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--56FC4376--79BD00769549.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 07536366 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2FBF91BD--CCAA1C513BF3.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 41582785 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--9C2A7755--E502C80F6584.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 30744728 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8056258D--A1DE2E690211.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 27298594 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--264D8F57--73AB38580C98.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 09990619 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B8B612EB--35E1302E7A3C.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 09990619 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--5608A18B--DF337B9460EF.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 02460209 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2F652B9A--25B605136306.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--EE970CC1--C4692A85C1A2.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D1A7A2E0--565F4C3D1CB4.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6DB08FBA--C0E08A171383.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--3A355786--9BE8644D1A31.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01579410 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--9ABC5C68--665F17091DA5.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 15128434 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--F7291DEC--5E34A385E7A8.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00988737 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--E9D448CF--210F03092E36.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00469638 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--163230B8--D8CA59F41122.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00445405 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--56B7F313--89362D541756.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00044856 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--69A7E0E0--23E844A48EBA.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00007406 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D8A6E0E8--61AE7785B475.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00007405 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B34CDB5D--8884AD5718CB.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00000858 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--899D6694--EACAB78BEEC1.osiris
2017-01-23 18:33 - 2017-01-23 18:33 - 02520029 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--673FD8FF--12D57944DD6B.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00086254 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D0FF1078--BD81D0ED6955.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00058504 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--793B4CB0--4AB32B7C2E94.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00053537 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--87C2A923--043B1F1AAD10.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00039681 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--92B20262--7E76A3E4D302.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00039681 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8E5A826F--1F4F7E86E8C3.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00032444 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8BA056DD--34CFA7DE9309.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030384 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A5151F4F--B7D5B4BDECCB.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030384 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--40E6D0A5--68B5DDE2D087.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030379 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--C4D0B96F--B83B9F7AEB80.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030379 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--35A3F77E--FF2FCA20930F.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00024279 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--41435011--A543D335277F.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00015570 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--0902712C--CF3A3457598B.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00012207 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--5BA43B3D--262E7202CD73.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00001949 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--4C3F846F--CFC8C858A588.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--AB57ADDA--F04D3A3FD3FE.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A0170279--EB8749F5C833.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 03166721 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--DFEF78F6--5E980E2C90C1.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 01943890 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--5B5297EC--95A2C297DE7E.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 01498406 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--B180C704--4A1F6ADE2E3D.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00546681 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--94A3ADEC--2BD0819A41B7.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00526190 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--71DADE63--DC4EFFB80D71.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00362360 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--8BE6B147--FF24103CFB83.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00353810 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--66875EB9--E5E7944079B8.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00296951 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--2D430664--EE1E67387DEE.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00177872 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--497CE82D--962B8C209ECD.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 09043690 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--80FCDCC6--15379852C6D8.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 08623627 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8D5ACE86--5EEA930EBAC5.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 04373426 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--353008E6--A3A4ED90EEDA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 04172693 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B15C0994--52B597901016.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01798329 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--84153FE5--5BDFE4E012FA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01578348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--1E955960--7FFD366B5516.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01405762 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--1ECB6F88--FF5B0F7B2C59.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01400156 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FA47FDE0--FF7C2E694589.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01298090 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--52F3871B--148414730D44.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01254210 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--CF2411FD--DA7DD13FFB16.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01182224 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--280F024F--9AE621864DE9.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01146780 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--2FBCC45A--5ECBF4000E96.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00575251 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--D1AD2871--AEACCE67CBC7.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00542165 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--C912F4E0--A03AAA705425.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00420031 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--4527B604--C8AA7B17F17E.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00376783 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--492EE856--0E9EBF0F0482.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00341801 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--55B93532--96FEEDC8E872.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00331443 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--A4B04E44--1C53546520B3.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00327038 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--68F3A070--DE6ABBA895D4.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00322633 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--04E7748D--40965F06C7EA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00246257 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--21500705--169346388EA0.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00143601 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--C7F3D3C4--23D9BB2A5E6F.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00117474 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--4F24D05D--85A92D0F5DD7.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00105459 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--255AAF14--5220241FC421.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00040341 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FE19C4A7--819D6BE6DF86.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00040341 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--958EB74C--28BB85530583.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00012816 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6F107895--DA13C0DC5328.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--DF647321--17973BFB4372.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B79D8B73--7DF6C387D76E.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--31C144C7--709FF9167980.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--347AC254--D41761DBB110.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 08056634 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--35D83685--9F405848E1DC.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 05325636 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--942B9237--8D3D6C0D01BA.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00848265 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--E3B1C311--0CC2650C0A02.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00848264 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--31473CE8--CC738BBBA8CA.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00777576 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--04F5F495--4DB47017250E.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00707871 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A9B80FBB--47C9BA760F23.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00707871 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--63A6FEC3--592AB0170702.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00494283 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--354C0F22--6CAB2FE09158.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00483600 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6B84FB04--942CD40439FD.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00346341 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--213204F3--06B89D58A1CF.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00324030 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--7702C78B--8CCD6F862170.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00279818 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8C2D22C8--D856E9E17B45.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00279818 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--46E053E1--7AE19CECE0D9.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00222237 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--3DA45503--FD3B00CF7E25.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00215019 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--09E359A0--B68F0EE76339.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00125051 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--281F97D7--615AAB8F75B5.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B07C2A12--78E63110415D.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--639E9CCF--0B560B94E397.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--0C490097--241557D592C7.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00008182 _____ C:\ProgramData\OSIRIS-a761.htm
2017-01-23 18:21 - 2017-01-23 18:21 - 00003592 _____ C:\ProgramData\346FD420--07CA--C4B7--4928A8E6--FA91EDB292F1.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00671364 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FB6A95E8--07FA92E86296.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00671362 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A662DF21--ECE0E35B5B26.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00669737 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--396323E0--971D2F1DF23F.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00668258 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--30A92CFA--AFB48099F7A1.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00634590 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--91A2F770--4D5715896E9E.osiris
2017-01-23 18:20 - 2017-01-23 1

43
Analysis and Malware Removal / Re: File Type Question
« on: January 24, 2017, 06:22:37 PM »
Winchester73, I do have all of my Word documents on an external drive, but evidently it got the virus, too, when I hooked it up to my computer.  During the hectic last few weeks, I have not backed up my files to another external drive I use for that.

44
Analysis and Malware Removal / Re: File Type Question
« on: January 24, 2017, 06:20:12 PM »
I went to the link you posted, MikeW.  However, my computer will not allow the download of Security Analysis.  I did turn off the protection on my computer and tried to download, but again, the computer would not allow download.

45
Analysis and Malware Removal / Re: File Type Question
« on: January 24, 2017, 04:28:05 PM »
I just finished reading the article at that link you posted, and I definitely got that "ransom" notation.  OMG.  I don't understand how I even got this darned thing. 

Pages: 1 2 [3] 4